[2025-12-09 19:32:28.459] [DEBUG] [tid:130855398528704] (main_gbm.cpp:334) 启动 gbm预测及训练! [2025-12-09 19:32:28.462] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:173) Created consumer rdkafka#consumer-2 [2025-12-09 19:32:28.463] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:453) subscribe successed: Success [2025-12-09 19:32:45.850] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:89) RebalanceCb: Local: Assign partitions: [2025-12-09 19:32:45.850] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:79) analyzed_queue_gbm[2], [2025-12-09 19:33:30.850] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:89) RebalanceCb: Local: Revoke partitions: [2025-12-09 19:33:30.850] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:79) analyzed_queue_gbm[2], [2025-12-09 19:33:30.857] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:89) RebalanceCb: Local: Assign partitions: [2025-12-09 19:33:30.857] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:79) analyzed_queue_gbm[0], [2025-12-09 19:33:30.857] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:79) analyzed_queue_gbm[1], [2025-12-09 19:33:30.857] [ERROR] [tid:130855398528704] (KafkaConsumer.cpp:79) analyzed_queue_gbm[2], [2025-12-09 19:34:24.792] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24779 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3206f3689f9dc2e3596e1c761ee5a4beb2b1023467582fdf6ca26f4219ff6071&X-Amz-Date=20251209T113424Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 19:34:24.792] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:24.792] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:25.955] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:25.955] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:25.955] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:25.956] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:25.963] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280065956, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:25.963] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:25.963] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:27.905] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25120 key: NULL payload: 
{"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl?X-Amz-Expires=604800&X-Amz-Signature=cff5dfacc6e133ad09b0c135fa85c154ab17d54f51bfd9d0026f9fcd610a0b72&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113427Z"} [2025-12-09 19:34:27.905] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:27.905] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:27.905] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:27.905] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:27.906] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:27.906] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:27.913] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280067907, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:27.913] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:27.913] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:31.027] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_gbm partition:[2] at offset 24780 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl?X-Amz-Date=20251209T113430Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=ef06687e70d53d5c9e2f27bc4a898b48aa24b02be5afd9bc8c1fe1aeacf6eed5"} [2025-12-09 19:34:31.027] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:31.027] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:31.028] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:31.028] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:31.028] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:31.029] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:31.040] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280071029, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:31.040] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:31.040] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:34.141] [DEBUG] 
[tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24781 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl?X-Amz-Signature=df3b36bc655fbb146c2cdc83aab265455efc057314b0f6aac1d34a6c8d966bd9&X-Amz-Date=20251209T113433Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:34:34.141] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:34.141] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:34.141] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:34.141] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:34.141] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:34.142] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:34.153] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280074142, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:34.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:34.153] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:37.261] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24782 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4ac7f297e3f9950083790f6bf538492bfff70de26c077ef1798d3f4cd916b9b8&X-Amz-Date=20251209T113436Z"} [2025-12-09 19:34:37.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:37.261] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:37.262] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:37.262] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:37.262] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:37.267] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:37.278] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280077267, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:37.278] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:37.278] [DEBUG] 
[tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:40.370] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25121 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f446075ec2f2633d0cf4c8c3463a63863c9b4d64286ebf33787ccc8b78f4daaf&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113439Z"} [2025-12-09 19:34:40.370] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:40.370] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:40.371] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:40.371] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:40.371] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:40.372] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:40.609] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765280080372, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:40.609] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) 
gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:40.609] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:43.485] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24783 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7eebe945085b02af7cffcc00f440e3531bb44df593044253cf0fb7001172f28b&X-Amz-Date=20251209T113442Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:34:43.485] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:43.485] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:43.485] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:43.485] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:43.485] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:43.485] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:43.668] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765280083485, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:43.668] 
[INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:43.668] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:46.602] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24784 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=cc0e73ca10aa772d904a54464fd39faad6483961798790585322aa4573ec2081&X-Amz-Expires=604800&X-Amz-Date=20251209T113446Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:34:46.603] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:46.603] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:46.603] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:46.603] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:46.603] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:46.603] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:46.787] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765280086603, "module": "anquanchu", "proto": "other", 
"alerted": false, "details": []} [2025-12-09 19:34:46.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:46.787] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:49.712] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25122 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=18916f4b34ff34b8126a3d0c9ecc050c3f9b6f9a2accfb40ef6dd78841537a22&X-Amz-Date=20251209T113449Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:34:49.712] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:49.712] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:49.712] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:49.712] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:49.712] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:49.712] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:49.894] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 
1765280089713, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:49.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:49.894] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:52.828] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24026 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113452Z&X-Amz-Signature=a1903aaf4cd97e9c7eff7ebc14dc33a86ec636848017d2b5c420d379ae0073d5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:34:52.828] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:52.828] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:52.829] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:52.829] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:52.829] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:52.829] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:53.013] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl|result:{"code": 0, 
"total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765280092829, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:34:53.013] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:34:53.013] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:55.940] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24027 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113455Z&X-Amz-Signature=b1f4f142ab08f1b081fe43cd3ae7131d11790822aa658460b188558416c506aa"} [2025-12-09 19:34:55.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:55.940] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:55.940] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:55.941] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:55.941] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:55.941] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:56.124] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280095941, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "protocol": 6, "src_port": 55098, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:34:56.124] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:34:56.124] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:56.125] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:34:56.125] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:34:59.054] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25123 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl?X-Amz-Date=20251209T113458Z&X-Amz-Signature=459c868d10766c9960549a55eb467b90d1e8da903ba76af8e3fa7696f4e26490&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:34:59.054] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:34:59.054] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:34:59.054] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:34:59.054] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:34:59.054] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:34:59.055] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:34:59.238] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280099055, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "protocol": 6, "src_port": 40916, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:34:59.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:34:59.238] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:34:59.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:34:59.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:02.169] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24028 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5016491469d937317fb4168a7352bcdc425078e5dd8d17e812fbefd2b0a588e6&X-Amz-Date=20251209T113501Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:35:02.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:02.169] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:02.169] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:02.169] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:02.169] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:02.170] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:02.174] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280102170, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:35:02.174] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:35:02.174] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:05.284] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24029 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f8a3c29027ca89eddf9924251fec0facd17ea07483d744dcc9b021ae4cff1c37&X-Amz-Date=20251209T113504Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:35:05.284] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:05.284] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:05.284] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:05.284] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:05.284] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:05.285] [INFO] [tid:130855398528704] (AiModule.cpp:158) load 
result:0 [2025-12-09 19:35:05.296] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280105285, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:35:05.296] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:35:05.296] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:08.404] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25124 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl?X-Amz-Date=20251209T113507Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=71d390aa040aa892413fb6e2422aae20b4dd1b260500085b3403a69e24cc101a"} [2025-12-09 19:35:08.404] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:08.404] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:08.405] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:08.405] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:08.405] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load 
[2025-12-09 19:35:08.405] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:08.636] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280108406, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44876, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:08.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:08.636] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:08.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:08.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:35:11.513] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24030 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113511Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=5828323143fc46b304ce19d3b69e2258761c6f77e928c89397f2a88dcfc4d1b0&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:35:11.513] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:11.513] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:11.514] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:11.514] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:11.514] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:11.514] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:11.734] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280111514, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53322, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:11.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:11.734] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:11.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:11.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:14.625] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25125 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl?X-Amz-Signature=a8fb9f9ad54f4f309e0c74959025097edfb333c8801dcf1e0aadf603648a86df&X-Amz-Date=20251209T113514Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:35:14.625] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:14.625] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:14.626] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:14.626] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:14.626] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:14.626] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:14.632] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280114626, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:35:14.632] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:35:14.632] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:17.742] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24785 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=b7860052d08599f0982d73d70e8edc0b35831c8fd3112e38d9ce96325079e107&X-Amz-Date=20251209T113517Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:35:17.742] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:17.742] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:17.742] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:17.742] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:17.742] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:17.743] [INFO] [tid:130855398528704] (AiModule.cpp:158) load 
result:0 [2025-12-09 19:35:17.755] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280117743, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:35:17.755] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:35:17.755] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:20.851] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25126 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113520Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=ff0f50cdf2a24731d249fb8430ae88703452e34816b939de815d4e71493b908c"} [2025-12-09 19:35:20.851] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:20.851] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:20.851] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:20.851] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:20.851] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load 
[2025-12-09 19:35:20.852] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:21.085] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280120852, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44900, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:21.085] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:21.085] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:21.085] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:21.085] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:35:23.968] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24031 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl?X-Amz-Expires=604800&X-Amz-Signature=c4b9b099f109bdf8ac073477bfece6778fd60a2e3d2fbe72d279ca9be90ef62c&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113523Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:35:23.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:23.968] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:23.968] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:23.968] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:23.968] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:23.969] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:24.152] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280123969, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 38764, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:24.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:24.152] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:24.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:24.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:27.070] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24786 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4bd3742cc3035466ea1274ec44f00d12c26b8d4333631de16eacca86fe27a19f&X-Amz-Date=20251209T113526Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:35:27.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:27.070] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:27.070] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:27.070] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:27.070] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:27.071] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:27.253] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280127071, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47816, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:27.253] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:27.253] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:27.253] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:27.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:35:30.182] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24787 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113529Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=154f04a9cfd1e22c0328fe04efb89e2336d30bc07ec0a281e1e5fb7a4e38bdc1"} [2025-12-09 19:35:30.183] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:30.183] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:30.183] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:30.183] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:30.183] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:30.183] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:30.366] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280130183, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36538, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:30.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:30.366] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:30.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:30.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:33.299] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24032 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl?X-Amz-Signature=a15b729ee97242a9942121cb0635534561ae744dc59abbc55d13adb7c7a2dc5a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113532Z"} [2025-12-09 19:35:33.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:33.299] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:33.300] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:33.300] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:33.300] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:33.300] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:33.483] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280133300, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34308, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:33.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:33.483] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:33.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:33.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:35:36.414] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24033 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=ba2614ab309f92bacc0b24345636e3d0c6209c03c39cd465173d2d6b6ce0d486&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113535Z"} [2025-12-09 19:35:36.414] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:36.414] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:36.414] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:36.414] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:36.414] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:36.415] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:36.610] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280136415, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52090, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:36.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:36.610] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:36.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:36.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:39.523] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25127 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=96b2c400ac61c37334bf19aa9eca7c3dd624eb1fd7b39066a732a46b535ad22a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113539Z"} [2025-12-09 19:35:39.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:39.523] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:39.523] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:39.523] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:39.523] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:39.524] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:39.709] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280139524, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35708, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:39.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:39.709] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:39.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:39.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:35:42.625] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24788 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=335a1ff08c071dcbac3cf5cf21ab66c66a14b6a78e31405d2aeece863523105a&X-Amz-Date=20251209T113542Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:35:42.625] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:42.625] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:42.625] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:42.625] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:42.625] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:42.625] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:42.809] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280142626, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:42.809] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:42.809] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:42.809] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:42.809] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:45.738] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24034 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl?X-Amz-Date=20251209T113545Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3761a2fc01e9ad48320a4f2264c91069aa9370f4553bfbd03ed0ac221b586f39&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:35:45.738] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:45.927] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280145738, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50122, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:45.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:45.927] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:45.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:45.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:35:48.843] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24035 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T113548Z&X-Amz-Signature=440dc00f84959a15c65ca91290984f0a1e486f28f65a540c0e98c0bc45241165&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:35:48.844] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:48.844] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:48.844] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:48.844] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:48.844] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:48.845] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:49.079] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280148845, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:49.079] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:49.079] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:49.079] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:49.079] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:51.957] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24036 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=870520c23caf27e34f53025f520ad17f427bff23d5e1633effc647eba15b6bc4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113551Z"} [2025-12-09 19:35:51.957] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:51.957] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:51.957] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:51.958] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:51.958] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:51.958] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:52.137] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280151958, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42202, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:52.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:52.137] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:52.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:52.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:35:55.071] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25128 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a12730787e3e07a0d521e7047b0d344040ee5c4e4e7a41ecbf6f20055a044811&X-Amz-Date=20251209T113554Z"} [2025-12-09 19:35:55.071] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:55.071] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:55.072] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:55.072] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:55.072] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:55.072] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:55.257] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280155072, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47642, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:55.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:55.258] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:55.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:55.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:35:58.185] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24037 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2301e4a8b60c3640135e2943a0cfabfa39fef7a028fee08d01d962ad790ed5b9&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T113557Z"} [2025-12-09 19:35:58.186] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:35:58.186] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:35:58.186] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:35:58.186] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:35:58.186] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:35:58.186] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:35:58.370] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280158186, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43315, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:35:58.370] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:35:58.370] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:35:58.370] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:35:58.370] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:36:01.303] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24789 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=cd7b690158e92134216000e01a91719d15c9f15dbb6d69cdd891f4082d5d3856&X-Amz-Date=20251209T113600Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:36:01.303] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:01.303] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:01.303] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:01.303] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:01.303] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:01.304] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:01.310] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280161304, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:01.310] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:01.310] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:04.417] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24790 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T113603Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=97e7d24c1d965457b7e002564d6ba61ed5e21c1cb39a4eccf6439703f4dcc2bb"} [2025-12-09 19:36:04.417] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:04.417] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:04.417] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:04.417] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:04.417] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:04.418] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:04.429] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280164418, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:04.429] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:04.429] [DEBUG] 
[tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:07.525] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24791 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113607Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=67b6476a7261fbed2ad84513af712e3a706875578fb276389bb9e4e6a946f119"} [2025-12-09 19:36:07.526] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:07.526] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:07.526] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:07.526] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:07.526] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:07.527] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:07.538] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280167527, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:07.538] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 
[2025-12-09 19:36:07.538] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:10.643] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24038 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113610Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d23eb9e872d6d4e394b02b4c6e48b2f782b22a6295dff011f407335a9d171adf"} [2025-12-09 19:36:10.644] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:10.644] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:10.644] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:10.644] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:10.644] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:10.645] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:10.656] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280170645, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:10.656] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:10.656] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:13.754] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24039 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl?X-Amz-Signature=62874b416c0bda992ca1c16fa5eaab4fa1cb29498dc7e0fc7895369fc5d1b391&X-Amz-Date=20251209T113613Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:36:13.754] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:13.754] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:13.754] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:13.754] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:13.754] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:13.755] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:13.766] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280173755, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 
19:36:13.766] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:13.766] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:16.856] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24040 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=0ee6cfa67a9b5bc42975068b2797aa7d011523dfbe24454bd136316e04e447ef&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113616Z&X-Amz-Expires=604800"} [2025-12-09 19:36:16.857] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:16.857] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:16.857] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:16.857] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:16.857] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:16.858] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:16.869] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280176858, "module": "anquanchu", "proto": "other", 
"alerted": false, "details": []} [2025-12-09 19:36:16.869] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:16.869] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:19.958] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24041 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113619Z&X-Amz-Expires=604800&X-Amz-Signature=426a56bec6e63159db069ffee9b45ef81bf0c58147090dc401edade9a1c998f2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:36:19.958] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:19.958] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:19.958] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:19.958] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:19.958] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:19.959] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:19.970] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280179959, 
"module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:19.970] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:19.970] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:23.080] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24042 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113622Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=4129d0bdc5ef05a4d7ce13eceed7eb39a251d9c5accb09f9181faa72c251fdab"} [2025-12-09 19:36:23.081] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:23.081] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:23.081] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:23.081] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:23.081] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:23.082] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:23.093] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, 
"timestamp": 1765280183082, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:23.093] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:23.093] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:26.195] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25129 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0bfae86a8dfabb24e5e9ae77051c848b088ea340c7877d117bf611b48cc4f547&X-Amz-Expires=604800&X-Amz-Date=20251209T113625Z"} [2025-12-09 19:36:26.195] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:26.195] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:26.196] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:26.196] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:26.196] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:26.197] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:26.208] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, 
"abnormal_count": 0, "normal_count": 0, "timestamp": 1765280186197, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:26.208] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:26.208] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:29.316] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25130 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113628Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c2196d755827042bf63bdc854885c48f456868cb0c2119e351659b426fe34d31"} [2025-12-09 19:36:29.316] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:29.316] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:29.317] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:29.317] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:29.317] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:29.318] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:29.329] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl|result:{"code": 0, 
"total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280189318, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:29.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:29.329] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:32.427] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24043 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113631Z&X-Amz-Signature=eb832419a24457b91eaef8dc4f63d7d9399709e9937dac773d7a5f6c37d14cb8"} [2025-12-09 19:36:32.427] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:32.427] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:32.427] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:32.427] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:32.427] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:32.428] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:32.439] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280192428, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:32.439] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:32.439] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:35.529] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24792 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl?X-Amz-Date=20251209T113635Z&X-Amz-Signature=61bf1fe2ce180e8f78ec41a0e478fdf2adcd9bb2b075aaa3b333f14e0cd151c3&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:36:35.529] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:35.529] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:35.529] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:35.530] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:35.530] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:35.530] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:35.541] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280195531, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:35.542] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:35.542] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:38.630] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24793 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=34f7ad248c011727447b7e7ce4d12a154db9a8f72c2b7cc5da57814bee66313d&X-Amz-Date=20251209T113638Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:36:38.630] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:38.630] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:38.631] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:38.631] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:38.631] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:38.632] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
19:36:38.643] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280198632, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:38.643] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:38.643] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:41.747] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24794 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113641Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=271b0b55c9ff6595b9654bd86a3a8510f0bb9f5345bf2dae3e195e2a88ab2041&X-Amz-SignedHeaders=host"} [2025-12-09 19:36:41.747] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:41.747] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:41.748] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:41.748] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:41.748] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:41.749] [INFO] [tid:130855398528704] (AiModule.cpp:158) 
load result:0 [2025-12-09 19:36:41.760] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280201749, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:41.760] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:41.760] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:44.856] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24795 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl?X-Amz-Expires=604800&X-Amz-Signature=4ddf134f85222b72f89d180ba16ab040f212a8b30317a863a6f2837d477cc543&X-Amz-Date=20251209T113644Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:36:44.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:44.856] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:44.856] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:44.856] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:44.856] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:44.857] [INFO] 
[tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:44.868] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280204857, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:44.869] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:44.869] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:47.975] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25131 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d113b4bdceb352bf64896e0d7930b0931b0935ebd6a4fdc73195e4aa3c32877a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113647Z"} [2025-12-09 19:36:47.975] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:47.975] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:47.975] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:47.975] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:47.975] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load 
[2025-12-09 19:36:47.976] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:47.987] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280207976, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:47.987] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:47.987] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:51.096] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24796 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=a0bdf83fab3a849293e7b59ff0476cec880ea60d1c3fa1ede8eec3159f4ac1c1&X-Amz-Date=20251209T113650Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:36:51.096] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:148) 
prepare args for function load [2025-12-09 19:36:51.097] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:51.109] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280211098, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:51.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:51.109] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:54.196] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25132 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f9ebff1fcc8c45fe4974571463881e7f4abc20638adb076ccc2b79f9c711896e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T113653Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:36:54.197] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:54.197] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:54.197] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:54.197] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:36:54.197] [INFO] 
[tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:54.198] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:54.209] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280214198, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:54.209] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:54.209] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:36:57.306] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24797 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=16046e4a06710c3facdfb43e893607878d319960adbf7ee3498301c0009ebaa3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113656Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:36:57.306] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:36:57.306] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:36:57.306] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:36:57.306] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function 
load [2025-12-09 19:36:57.306] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:36:57.307] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:36:57.318] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280217307, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:36:57.318] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:36:57.318] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:00.416] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24798 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113659Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9d9ed13b1ea60c2ee4c4cec6aa75473fc096f4541101e7fcce451986c129223a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:37:00.416] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:00.416] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:00.417] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:00.417] [INFO] 
[tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:00.417] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:00.418] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:00.429] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280220418, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:00.429] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:00.429] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:03.528] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24044 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113703Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b4168730e7e38f7987214a90e7383903fa26f0f076afdfa6304573bf3db51035"} [2025-12-09 19:37:03.528] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:03.528] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:03.528] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm 
[2025-12-09 19:37:03.528] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:03.528] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:03.529] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:03.541] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280223530, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:03.541] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:03.541] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:06.648] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24799 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8bf5defc7050d2d29266f947f7217b7131a5f55e842d57b601329e223a289f7c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113706Z"} [2025-12-09 19:37:06.648] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:06.648] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:06.648] [INFO] 
[tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:06.648] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:06.648] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:06.649] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:06.883] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280226649, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.129", "dest_ip": "192.168.52.1", "protocol": 6, "src_port": 443, "dest_port": 21041, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:06.883] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:06.883] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:06.883] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:06.883] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:37:09.761] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24045 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113709Z&X-Amz-Signature=feb0309ef0a8cd2cf5e8d003cbef3968b8ec845142a807c15043dbe91dc61796"} [2025-12-09 19:37:09.761] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:09.761] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:09.761] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:09.761] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:09.761] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:09.761] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:09.767] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280229762, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:09.767] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:09.767] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:12.878] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24046 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d495380cd0a8e3fcb3989ebae6f893e3943e0219561fbc1fe9a8e1557423d01b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113712Z"} [2025-12-09 19:37:12.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:12.880] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:13.113] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280232880, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 
49264, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:13.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:13.113] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:13.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:13.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:37:15.988] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24800 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl?X-Amz-Date=20251209T113715Z&X-Amz-SignedHeaders=host&X-Amz-Signature=34deb65e5b8b228e7b3ac710b8655a3a897922d633ce2a9c81dcf94f4dba4b8b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:37:15.988] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:15.988] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:15.988] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:15.988] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:15.988] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:15.989] [INFO] [tid:130855398528704] (AiModule.cpp:158) load 
result:0 [2025-12-09 19:37:16.175] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280235989, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49235, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:16.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:16.175] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:16.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:16.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:37:19.102] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24047 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl?X-Amz-Expires=604800&X-Amz-Signature=b1bb92778e0647e2c1f4482bcc2aa73e594c237f09d1889ae287c584d6c0ccc4&X-Amz-Date=20251209T113718Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:37:19.102] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:19.102] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:19.103] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:19.103] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:19.103] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:19.103] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:19.289] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280239103, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49217, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:19.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:19.289] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:19.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:19.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:37:22.218] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24048 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl?X-Amz-Date=20251209T113721Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=524f32379443268320a3594d4d283910b03d677757f67951cc05edc4bab13e3a&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:37:22.218] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:22.218] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:22.218] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:22.219] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:22.219] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:22.219] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:22.407] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280242219, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49204, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:22.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:22.407] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:22.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:22.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:37:25.321] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24049 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl?X-Amz-Date=20251209T113724Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5aadebb4f701c406de9eeea59ba8ebf21e5c8006c1c06914a3d4d487e83a0259"} [2025-12-09 19:37:25.321] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:25.321] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:25.321] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:25.321] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:25.321] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:25.322] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:25.510] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280245322, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49259, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:25.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:25.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:25.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:25.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:37:28.430] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25133 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113727Z&X-Amz-Expires=604800&X-Amz-Signature=1249f3e4d789a4aea5b44d4c4ba5c88e5345aa0cbed9930f46d8439a56165ae9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:37:28.430] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:28.430] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:28.430] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:28.430] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:28.430] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:28.431] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 19:37:28.649] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280248431, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49263, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:28.649] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:28.649] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:28.649] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:28.649] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:37:31.550] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24801 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ddc3d1776c5cc479c213d881b31e6e608fee0d08075f8b07a72396aa17fc2769&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113731Z&X-Amz-Expires=604800"} [2025-12-09 19:37:31.550] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:31.550] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:31.550] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:31.550] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:31.550] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:31.551] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:31.734] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280251551, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49234, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:37:31.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:37:31.734] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:31.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:37:31.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:37:34.664] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24802 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl?X-Amz-Date=20251209T113734Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=493223f33328ec50ecd102fc929394f2936f2fbc3269a6c8a628044b382411ac"} [2025-12-09 19:37:34.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:34.664] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:34.665] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:34.665] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:34.665] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:34.665] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:34.671] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280254665, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:34.671] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:34.671] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:37.774] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25134 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=1988288b8898a0904928683a79c2aae64c1a94fc2f948810f256f8f0fcf7bf99&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T113737Z"} [2025-12-09 19:37:37.774] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:37.774] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:37.775] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:37.775] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:37.775] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:37.776] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:37.787] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280257776, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:37.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:37.787] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:40.884] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24050 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=94097c1beddcb149370e7ebd304a259c35b083351f6f69458f6f467f5a50d27c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113740Z&X-Amz-Expires=604800"} [2025-12-09 19:37:40.884] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:40.884] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:40.884] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:40.884] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:40.884] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:40.885] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 19:37:40.896] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280260885, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:40.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:40.896] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:44.002] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24051 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113743Z&X-Amz-SignedHeaders=host&X-Amz-Signature=a45093a2ff541d92480ae089faf0b0605b54badc8de3ef6461fb1d4e30b5f570"} [2025-12-09 19:37:44.002] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:44.002] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:44.002] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:44.002] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:44.002] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:44.003] [INFO] [tid:130855398528704] 
(AiModule.cpp:158) load result:0 [2025-12-09 19:37:44.014] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280264003, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:44.014] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:44.014] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:47.139] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24052 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113746Z&X-Amz-SignedHeaders=host&X-Amz-Signature=4b8c97b82bb98adb5474c45c01c35d7a2b00ebffe99294b818f7b8afbe355272&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:37:47.140] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:47.140] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:47.140] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:47.140] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:47.140] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:47.141] 
[INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:47.152] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280267141, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:47.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:47.152] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:50.249] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24053 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl?X-Amz-Date=20251209T113749Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6f4c2e616fe0fa2b19b33aeea35d72e368652e5876dc6266723a91a0518a6863&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:37:50.249] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:50.249] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:50.250] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:50.250] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:50.250] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare 
args for function load [2025-12-09 19:37:50.251] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:50.262] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280270251, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:50.262] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:50.262] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:53.369] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24054 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl?X-Amz-Date=20251209T113752Z&X-Amz-Signature=4fc0642c9d6316ee41796d6a73263a197fa42005992360bdf33ce771af14094a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:37:53.369] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:53.369] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:53.369] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:53.369] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:53.369] 
[INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:53.370] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:53.381] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280273370, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:53.381] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:53.381] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:56.483] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24803 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9a716e40cf29d0f7acd0755cbbaba9a321553166041cb783f0d2e3cdc3af6ef6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T113756Z"} [2025-12-09 19:37:56.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:56.484] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:56.484] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:37:56.484] [INFO] [tid:130855398528704] 
(AiModule.cpp:140) get function load [2025-12-09 19:37:56.484] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:56.485] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:56.496] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280276485, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:56.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:56.496] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:37:59.596] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24804 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=299dd6194a42f8161452039f5ebc392fbc55a362db9477117707123d724ca6e7&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113759Z&X-Amz-Expires=604800"} [2025-12-09 19:37:59.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:37:59.596] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:37:59.596] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm 
[2025-12-09 19:37:59.596] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:37:59.596] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:37:59.596] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:37:59.603] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280279597, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:37:59.603] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:37:59.603] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:02.709] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24055 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl?X-Amz-Date=20251209T113802Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=99fb2e70160fccdee57ddbbca441af3d546ce2a8d4a1c781928288642565db7e&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:38:02.710] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:02.710] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:02.710] [INFO] 
[tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:02.710] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:02.710] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:02.711] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:02.723] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280282711, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:02.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:02.723] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:05.823] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25135 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=0c2f9ff9c1e62ea06b1fdfd0b32fcc0a8d2cd1d7c40302689d612b09c3ab9b97&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113805Z"} [2025-12-09 19:38:05.823] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:05.823] [INFO] [tid:130855398528704] (AiModule.cpp:129) 
load so_code_gbm.so lib [2025-12-09 19:38:05.823] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:05.823] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:05.823] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:05.824] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:05.835] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280285824, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:05.835] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:05.836] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:08.942] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25136 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113808Z&X-Amz-Signature=2f69dfb08cfcec0d31d6c073e90545af4cf80e5d5015a20ed43b8f553a6ac8d9"} [2025-12-09 19:38:08.942] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:08.942] [INFO] 
[tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:08.942] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:08.942] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:08.942] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:08.943] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:08.954] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280288943, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:08.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:08.954] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:12.058] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24056 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113811Z&X-Amz-Signature=9ffad361ee555c3ce07e032ebf02c1f92ddc93a43478857ebb7e3762f65db50a"} [2025-12-09 19:38:12.058] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 
[2025-12-09 19:38:12.058] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:12.059] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:12.059] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:12.059] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:12.060] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:12.071] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280292060, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:12.071] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:12.071] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:15.170] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25137 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113814Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=306a665900263f62eb31f881ae63e029350572264cce6b665d7c3d8e01c84a26"} [2025-12-09 19:38:15.170] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:15.170] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:15.171] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:15.171] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:15.171] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:15.172] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:15.183] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280295172, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:15.183] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:15.183] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:18.279] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24805 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl?X-Amz-Signature=a271f27fe2cc1e98c5aed0975991bb1f029b8a0c796b6046c2219bd844bb2647&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113817Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:38:18.279] 
[INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:18.279] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:18.279] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:18.279] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:18.279] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:18.280] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:18.515] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280298280, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11584, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:18.515] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:18.515] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:18.515] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:18.515] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:38:21.397] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25138 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T113820Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=64fabaf026525f33534048baf2ca5f9b9add219f9b0cdbcbd4281f7ce752085e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:38:21.397] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:21.397] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:21.397] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:21.397] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:21.397] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:21.398] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:21.583] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280301398, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 20846, "dest_port": 54340, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:21.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:21.583] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:21.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:21.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:38:24.498] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24806 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113823Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=82300e42eaa5f6132404ebd6026532a4ce73f0a0cddfc17da24ccf8250232d78"} [2025-12-09 19:38:24.499] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:24.499] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:24.499] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:24.499] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:24.499] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:24.499] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:24.505] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280304499, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:24.505] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:24.505] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:27.609] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25139 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4640be7737cb836332560d4859d50be7ea64779f8599617e7ed052c21865fa1d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113827Z"} [2025-12-09 19:38:27.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:27.610] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:27.610] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:27.610] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:27.610] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:27.611] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:27.622] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280307611, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:27.622] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:27.622] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:30.718] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24057 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113830Z&X-Amz-Signature=69786d051f8ec7267f590cd372441824e125245e6ed8df0da5a6dd6f7247bdf4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:38:30.718] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:30.718] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:30.718] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:30.718] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:30.718] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:30.719] [INFO] [tid:130855398528704] 
(AiModule.cpp:158) load result:0 [2025-12-09 19:38:30.730] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280310719, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:30.730] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:30.730] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:33.837] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24807 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113833Z&X-Amz-Expires=604800&X-Amz-Signature=fe1cdfa7a5b858fb292bdc86aa1986e37b6b9a53ddef4ae758a805aeb4423444&X-Amz-SignedHeaders=host"} [2025-12-09 19:38:33.838] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:33.838] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:33.838] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:33.838] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:33.838] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load 
[2025-12-09 19:38:33.839] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:34.067] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280313839, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11473, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:34.067] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:34.067] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:34.067] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:34.067] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:38:36.955] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25140 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl?X-Amz-Signature=94c3190bb2879f28beca0a49d28d200d16ee533cb0ddfc2e7443297195550e47&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T113836Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:38:36.955] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:36.955] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:36.956] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:36.956] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:36.956] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:36.956] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:36.962] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280316956, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:36.962] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:36.962] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:40.077] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24058 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113839Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=626dfbcc158671e3a1e0ecae04e4c7326c2e9b06807c670724298ede45af6542"} [2025-12-09 19:38:40.077] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:40.078] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:40.078] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:40.078] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:40.078] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:40.081] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:40.093] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280320081, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:38:40.094] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:38:40.094] 
[DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:43.179] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25141 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl?X-Amz-Date=20251209T113842Z&X-Amz-Signature=2892ee530647f01eca72c88e3a38a7cf9a98d281c785700058c638eb9f1010e7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:38:43.179] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:43.179] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:43.180] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:43.180] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:43.180] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:43.180] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:43.412] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280323181, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13283, "dest_port": 
38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:43.412] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:43.412] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:43.412] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:43.412] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:38:46.293] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25142 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b66d5be30c1149c9178b4741c611e958afe0dd511b23d3f60732d65f273c6e4e&X-Amz-Date=20251209T113845Z"} [2025-12-09 19:38:46.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:46.294] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:46.294] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:46.294] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:46.294] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:46.294] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
19:38:46.483] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280326294, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12200, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:46.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:46.483] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:46.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:46.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:38:49.410] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25143 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl?X-Amz-Date=20251209T113848Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=79859a585f23e6ef3db55d081ddcfcfe826fefd6d59a85f00130de8ac368a92f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:38:49.410] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:49.410] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:49.410] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:49.410] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:49.410] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:49.411] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:49.595] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280329411, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12200, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:49.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:49.595] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:49.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:49.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:38:52.525] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25144 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T113852Z&X-Amz-Signature=e092d92c88cf84995c4a48ec88ef93b5ea2279f20dea3c5d2c0c99599269037c"} [2025-12-09 19:38:52.525] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:52.525] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:52.525] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:52.525] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:52.525] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:52.526] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:52.709] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280332526, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11853, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:52.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:52.709] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:52.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:52.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:38:55.635] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24808 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T113855Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=790b19a87fcec564027b0f07ef8b2c839d246b95fa192f3113236e808db7cbc9"} [2025-12-09 19:38:55.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:55.636] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:55.636] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:55.636] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:55.636] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:55.636] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:55.825] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280335636, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42674, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:55.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:55.825] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:55.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:55.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:38:58.748] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24059 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113858Z&X-Amz-SignedHeaders=host&X-Amz-Signature=5195c54f11052953b3952fe4428314766c6c896d4c7f6d058af11ea5ac580480&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:38:58.748] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:38:58.748] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:38:58.748] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:38:58.748] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:38:58.748] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:38:58.749] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:38:58.976] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280338749, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42675, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:38:58.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:38:58.976] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:38:58.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:38:58.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:39:01.863] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24060 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T113901Z&X-Amz-Signature=c9ee26a644f170e4c0ff96a5679ce22092c7e64cbf07c9078357aded57395364"} [2025-12-09 19:39:01.864] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:01.864] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:01.864] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:01.864] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:01.864] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:01.864] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:02.047] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280341864, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42677, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:39:02.047] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:39:02.047] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:02.047] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:39:02.047] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:39:04.976] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25145 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl?X-Amz-Signature=fb0d8dab7c05704658a1f4bf62f422f2cdfebf8a6450e1c1ec4c64aa823d9bfb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113904Z&X-Amz-Expires=604800"} [2025-12-09 19:39:04.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:04.976] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:04.976] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:04.976] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:04.976] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:04.976] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:05.162] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280344976, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42676, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:39:05.162] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:39:05.162] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:05.162] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:39:05.162] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:39:08.091] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25146 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=093a773117e1ffc4d276dc77169d2a9253592705bf975e573a14543acb54d67e&X-Amz-Date=20251209T113907Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:39:08.092] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:08.092] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:08.092] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:08.092] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:08.092] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:08.092] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:08.281] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280348093, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 19948, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:39:08.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:39:08.281] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:08.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:39:08.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:39:11.203] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24809 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113910Z&X-Amz-Signature=76e631609f37a1caf16b1f18eb30fdaec361c9f6ee0b2ac95a15528be5202632&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:39:11.203] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:11.203] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:11.204] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:11.204] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:11.204] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:11.204] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:11.388] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280351204, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 20846, "dest_port": 54340, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:39:11.388] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:39:11.388] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:11.388] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:39:11.388] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:39:14.318] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24810 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c031561e08aacea672642a51ac19157906df100ab5d609bac7446ae721a3b023&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T113913Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:39:14.318] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:14.318] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:14.318] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:14.318] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:14.318] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:14.319] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:14.504] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280354319, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 8080, "dest_port": 54842, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:39:14.504] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:39:14.504] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:14.504] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:39:14.504] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:39:17.430] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25147 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113916Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=24960b5802d4556e88c537519992c39745dd50f5927399cba22bea701476f2db&X-Amz-Expires=604800"} [2025-12-09 19:39:17.430] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:17.430] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:17.430] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:17.430] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:17.430] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:17.430] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:17.618] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280357431, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 8080, "dest_port": 54843, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:39:17.618] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:39:17.618] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:17.618] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:39:17.618] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:39:20.531] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25148 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl?X-Amz-Date=20251209T113920Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=607b119984429ceb7c8aba23857a2cefab06bde60fe1c7c663b1b76b08ab1085&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:39:20.531] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:20.531] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:20.532] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:20.532] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:20.532] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:20.532] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:20.538] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280360532, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:39:20.538] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:39:20.538] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:23.645] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24811 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T113923Z&X-Amz-SignedHeaders=host&X-Amz-Signature=1dbd4572c1ea9fcf99591ff1e59106c22ba70823914b7c91202637949ad8d108&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:39:23.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:23.645] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:23.645] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:23.645] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:23.645] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:23.646] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:23.658] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280363647, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:39:23.658] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 
[2025-12-09 19:39:23.658] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:26.759] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24812 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T113926Z&X-Amz-SignedHeaders=host&X-Amz-Signature=8a6491dda47bbe54de9f244acf91d4ad5f6b3fb3e1b95849dbc99534cfc76cf1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:39:26.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:26.759] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:26.759] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:26.759] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:26.759] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:26.760] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:26.772] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280366761, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:39:26.772] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:39:26.772] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:29.868] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25149 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl?X-Amz-Date=20251209T113929Z&X-Amz-Signature=1d33240c5673d5124c5c79b6a78e52ff93ff67f5e42ae79d99020c1dd92c7336&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:39:29.868] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:29.868] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:29.868] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:29.868] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:29.869] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:29.869] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:29.881] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280369870, "module": "anquanchu", "proto": "other", "alerted": false, "details": 
[]} [2025-12-09 19:39:29.881] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:39:29.881] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:39:32.977] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24813 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8f974c8386419e85dd684d3eede9d1273e4388b4469143c2eb61a8de1ccf711c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T113932Z"} [2025-12-09 19:39:32.977] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:39:32.977] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:39:32.977] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:39:32.977] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:39:32.977] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:39:32.978] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:39:32.989] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280372978, "module": "anquanchu", "proto": 
"other", "alerted": false, "details": []} [2025-12-09 19:39:32.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:39:32.989] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:41:49.853] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24061 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl?X-Amz-Signature=7203531e7440800de152ebe66638c46c90c4fc166d6a050976f817da7d8798bb&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114149Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:41:49.853] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:41:49.853] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:41:49.853] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:41:49.853] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:41:49.853] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:41:49.854] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:41:50.089] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, 
"timestamp": 1765280509854, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51265, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8870828047759287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:41:50.089] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:41:50.089] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:41:50.089] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:41:50.089] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:41:52.968] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24062 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=83a41e7c9c16572e9911ee962e9f0939bea76934de257ed0b9eb6ac7afef9d6a&X-Amz-Date=20251209T114152Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:41:52.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:41:52.968] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:41:52.968] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:41:52.968] [INFO] [tid:130855398528704] 
(AiModule.cpp:140) get function load [2025-12-09 19:41:52.968] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:41:52.969] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:41:53.158] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280512969, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51762, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.865003353805995, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:41:53.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:41:53.158] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:41:53.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:41:53.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:41:56.084] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24814 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T114155Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=81d7d9722aca6be533a1defebc8fa28843f72cc6cbd93609dfeadb0168317047"} [2025-12-09 19:41:56.084] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:41:56.084] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:41:56.084] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:41:56.084] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:41:56.085] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:41:56.085] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:41:56.270] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280516085, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5080692700085622, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:41:56.270] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:41:56.270] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:41:56.270] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:41:56.270] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:41:59.197] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24063 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a09f9c8dffb24c70f96404f87c4e80306265c111a1a8302a2ad3eded728e9988&X-Amz-Date=20251209T114158Z"} [2025-12-09 19:41:59.198] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:41:59.198] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:41:59.198] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:41:59.198] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:41:59.198] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:41:59.198] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:41:59.383] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280519198, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51871, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5734997034085443, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:41:59.383] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:41:59.383] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:41:59.383] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:41:59.383] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:02.313] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25150 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl?X-Amz-Signature=8fdc5683b3f68226606a46da2ac4d9baff534bfe3ff0c7b4d78d25cee6393039&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114201Z"} [2025-12-09 19:42:02.313] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:02.313] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:02.314] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:02.314] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:02.314] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:02.314] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:02.503] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280522314, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51109, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7797161693223945, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:42:02.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:02.503] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:02.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:02.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:05.431] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24064 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114204Z&X-Amz-Signature=a6e402bcb7adf9e310a1f24a9ed456d0e1a62b33bc0199f9e8bf2b09fe870aeb"} [2025-12-09 19:42:05.431] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:05.431] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:05.431] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:05.431] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:05.431] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:05.432] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:05.617] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280525432, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51115, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6497119181245019, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:05.617] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:05.617] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:05.617] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:05.617] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:08.571] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24815 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl?X-Amz-Date=20251209T114208Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f15e6604269c0cf8d8ae85348f74b4d4de82257a9f1367397fe744d0c604718f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:42:08.571] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:08.571] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:08.571] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:08.572] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:08.572] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:08.572] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:08.757] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280528572, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51817, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9905808671595859, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:08.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:08.757] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:08.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:08.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:11.685] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24816 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl?X-Amz-Signature=8e758a9dbdc5ebe09b63e2c56dcfae5ad55c02e6332628f00c0ac9c82fadf8db&X-Amz-Date=20251209T114211Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:42:11.686] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:11.686] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:11.686] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:11.686] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:11.686] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:11.686] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:11.872] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280531686, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51765, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9918547827309265, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:11.872] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:11.872] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:11.872] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:11.872] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:14.796] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24817 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114214Z&X-Amz-Expires=604800&X-Amz-Signature=23feefd00f73ad9cc7a9d2f7422279cd6329d90b4a1a6e6fdcc32d02905fb16c&X-Amz-SignedHeaders=host"} [2025-12-09 19:42:14.796] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:14.796] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:14.796] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:14.796] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:14.796] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:14.797] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:14.994] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280534797, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51771, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9958367333381308, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:14.994] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:14.994] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:14.994] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:14.994] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:17.913] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24065 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114217Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d60a0b795fb8340ac5398bb49ab94b07a5b6f7935f24e9e1d04f09fe4eed63cc&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:42:17.913] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:17.913] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:17.913] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:17.914] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:17.914] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:17.914] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:18.099] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280537914, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51219, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.675247694982502, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:42:18.099] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:18.099] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:18.099] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:18.099] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:21.016] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25151 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl?X-Amz-Date=20251209T114220Z&X-Amz-SignedHeaders=host&X-Amz-Signature=25f73e9e524d6441955ee5a3de8d5e0177f0ab713f39cb2500d753180afffd58&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:42:21.017] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:21.017] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:21.017] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:21.017] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:21.017] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:21.017] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:21.202] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280541018, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51225, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6130112177499187, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:21.202] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:21.202] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:21.202] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:21.202] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:24.130] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24818 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114223Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d685df2a461971ff0d585e1b2d37ea40733415d0cd4ade093c158fccc544c9a2"} [2025-12-09 19:42:24.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:24.130] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:24.130] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:24.130] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:24.130] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:24.131] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:24.316] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280544131, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54847, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.981962657808915, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:24.316] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:24.316] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:24.316] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:24.316] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:27.253] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24819 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114226Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a1987e4fe79a1117113b7a94e5efb5ca8ff90a5d9789968ba2cd5adf21eed65e"} [2025-12-09 19:42:27.253] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:27.253] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:27.253] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:27.253] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:27.253] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:27.253] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:27.438] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280547254, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43320, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9990477543978051, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 19:42:27.438] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:27.438] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:27.438] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:27.438] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:30.366] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24066 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114229Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2fb2c5b45e9fb47d1cc2d4a054881400bdf094dbc35f1b0a591d5b81e8c4c720"} [2025-12-09 19:42:30.367] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:30.367] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:30.367] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:30.368] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:30.368] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:30.368] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:30.564] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280550368, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41406, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:30.564] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:30.564] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:30.564] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:30.564] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:33.476] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25152 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114232Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9648fbc6e07ed1b773389e6b571455150e64b12e81c508c85ecd11bf96f0bbdb"} [2025-12-09 19:42:33.476] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:33.476] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:33.476] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:33.476] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:33.476] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:33.477] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:33.690] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280553477, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41741, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:33.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:33.690] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:33.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:33.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:36.588] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24067 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=406f20b4ee3fe0ecf6479fc55a0bfa2ece83d10473a8378eda1525e0fa12ef61&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114236Z&X-Amz-Expires=604800"} [2025-12-09 19:42:36.588] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:36.588] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:36.589] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:36.589] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:36.589] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:36.589] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:36.771] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280556589, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41359, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:36.771] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:36.771] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:36.771] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:36.771] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:39.710] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24068 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl?X-Amz-Signature=181fdcfcd772862e51244883a324f641725d139c40a860f43686f084568b993a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114239Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:42:39.711] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:39.711] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:39.711] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:39.711] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:39.711] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:39.711] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:39.891] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280559711, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41729, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:39.891] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:39.891] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:39.891] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:39.891] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:42.830] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25153 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=cb413cc64ea5eb6f294c492f56d2453bb7be73c43e40bda51ffe32c03352831a&X-Amz-Date=20251209T114242Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:42:42.830] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:42.830] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:42.830] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:42.830] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:42.830] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:42.831] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:43.015] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280562831, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41419, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:43.015] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:43.015] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:43.015] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:43.015] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:42:45.942] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25154 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114245Z&X-Amz-Expires=604800&X-Amz-Signature=a77ed5ba861f9bdffe8a203f79f97f2801f96ad584981058135ce81668340223&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:42:45.942] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:45.942] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:45.942] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:45.942] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:45.942] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:45.943] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:46.126] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280565943, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41744, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:42:46.126] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:42:46.126] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:46.126] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:42:46.126] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:42:49.054] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25155 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a593837c9fcd733a4d36996addb0804e20e4a94864d4692222adf31dd0af8461&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T114248Z"} [2025-12-09 19:42:49.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:49.055] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:49.055] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:49.055] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:49.055] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:49.056] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:49.062] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280569056, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:42:49.062] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:42:49.062] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:52.169] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24820 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl?X-Amz-Expires=604800&X-Amz-Signature=fed5726e38683ca97f89f17468733b9ede04994f0f47f47673e4ff99b9aca40a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114251Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:42:52.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:52.169] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:52.169] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:52.169] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:52.169] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:52.170] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 19:42:52.182] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280572171, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:42:52.182] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:42:52.182] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:55.286] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24069 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T114254Z&X-Amz-SignedHeaders=host&X-Amz-Signature=dd62cb59a66c56b448a79c324e5a20c6cfa11ac98695fa43c365673f2c5f09b2&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:42:55.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:55.287] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:55.287] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:55.287] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:55.287] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:42:55.288] 
[INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:55.299] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280575288, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:42:55.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:42:55.299] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:42:58.399] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25156 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T114257Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=0eff97b0549b69a0b28569c507e8416c57a3338121f58f1542f9790d3101b0cd"} [2025-12-09 19:42:58.399] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:42:58.399] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:42:58.399] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:42:58.399] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:42:58.399] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args 
for function load [2025-12-09 19:42:58.400] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:42:58.412] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280578401, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:42:58.412] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:42:58.412] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:01.512] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24070 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114300Z&X-Amz-Signature=2487490448fc0af75bcc98f7061cdb16b5a97a8dface5e1cf31e7bc5634cf779&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:43:01.513] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:01.513] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:01.513] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:01.513] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:01.513] [INFO] 
[tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:01.514] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:01.525] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280581514, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:43:01.525] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:43:01.525] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:04.629] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25157 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114304Z&X-Amz-Signature=42a25bd34333d1362951e111d8b82d0561cbafe16cde17586e31be583fa2ea12&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:43:04.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:04.629] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:04.629] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:04.629] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 
19:43:04.629] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:04.630] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:04.859] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280584630, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 57515, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:04.859] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:04.859] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:04.859] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:04.859] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:07.742] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24071 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=3ea026a09632639da291f4d62827313a2c0492645a41fa0b59532353f60483f0&X-Amz-Date=20251209T114307Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:43:07.742] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:07.742] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:07.742] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:07.742] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:07.742] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:07.743] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:07.929] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280587743, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43330, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999991656797786, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:07.929] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:07.929] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:07.929] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:07.929] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:10.855] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24821 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114310Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4fc381809f7d186a18b5498f5c5af16b830d73012261b2797916a72b683aa7b7"} [2025-12-09 19:43:10.855] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:10.855] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:10.855] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:10.855] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:10.855] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:10.856] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:11.038] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280590856, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64657, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:11.038] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:11.039] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:11.039] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:11.039] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:13.963] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24072 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=69b59006c717191195e20bdce69229006ab686e44dc3fdb33419bac271dd2a7d&X-Amz-Date=20251209T114313Z"} [2025-12-09 19:43:13.963] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:13.963] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:13.963] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:13.963] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:13.963] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:13.964] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:14.150] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280593965, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49195, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9123586151413057, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:14.150] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:14.150] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:14.150] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:14.150] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:17.079] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24073 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f501a32f0172b6ccb7e6bd63337d16e81a534bf8b89a3eb45c6a8f780b7e4f4c&X-Amz-Date=20251209T114316Z"} [2025-12-09 19:43:17.079] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:17.079] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:17.079] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:17.079] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:17.079] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:17.080] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:17.265] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280597080, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9723429172454786, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:17.265] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:17.265] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:17.265] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:17.265] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:20.189] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25158 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114319Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=98686c832cef7b02c75335628375af607e6e5ead348ab370ff9235b0cb450826&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:43:20.189] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:20.189] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:20.189] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:20.189] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:20.189] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:20.189] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:20.408] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280600189, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5229356293541297, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:20.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:20.409] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:20.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:20.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:23.297] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24074 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114322Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ef3fdeacc90ba6bf94858e69f1d3a6fb83d7cba95e504f670372cc0c48ff2497"} [2025-12-09 19:43:23.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:23.298] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:23.298] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:23.298] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:23.298] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:23.298] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:23.484] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280603298, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49163, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9627407074253814, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:23.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:23.484] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:23.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:23.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:26.417] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24822 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114325Z&X-Amz-Signature=e0745e076f6f441bd59a1d7b08138dcf8df70d7b2910688899527c42b5365ed5&X-Amz-SignedHeaders=host"} [2025-12-09 19:43:26.417] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:26.417] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:26.417] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:26.417] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:26.417] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:26.417] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:26.601] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280606418, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54671, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:26.601] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:26.601] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:26.601] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:26.601] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:29.532] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24075 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl?X-Amz-Date=20251209T114329Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=30d6575a0e22035a5419aad539a5737456cc7aa161c88c70ad72801ea41b4bf6&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 19:43:29.533] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:29.533] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:29.533] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:29.533] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:29.533] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:29.533] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:29.540] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280609533, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:43:29.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:43:29.540] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:32.634] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25159 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114332Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=ded828895367fb9a7314f6bef4dde3f705004b9d08552706afd03fea0c9f2a04"} [2025-12-09 19:43:32.634] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:32.634] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:32.635] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:32.635] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:32.635] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:32.636] [INFO] [tid:130855398528704] (AiModule.cpp:158) load 
result:0 [2025-12-09 19:43:32.866] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280612636, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49162, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9793434577408894, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:32.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:32.866] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:32.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:32.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:35.759] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24823 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114335Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a85d4630840b2e73aea663bfd783c4098e0082236c68576095df7056d95a8e0a"} [2025-12-09 19:43:35.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:35.759] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:35.759] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:35.760] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:35.760] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:35.760] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:35.945] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280615760, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49164, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8128356571279334, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:35.945] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:35.945] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:35.945] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:35.945] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:38.875] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25160 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl?X-Amz-Date=20251209T114338Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8cf6eb1afd43ab409e620019bd02ed349978e1ab803ddc6a56218504e64e86e7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:43:38.875] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:38.875] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:38.875] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:38.875] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:38.875] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:38.876] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:39.061] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280618876, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49165, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8394237974606074, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:39.061] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:39.061] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:39.061] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:39.061] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:41.991] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25161 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3bde7cc92ab894305c98cabf9cdc253894c15ff43e6e91ee6bbb56470b1eda71&X-Amz-Date=20251209T114341Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:43:41.991] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:41.991] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:41.991] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:41.991] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:41.991] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:41.992] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:42.176] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280621992, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49166, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9173394690609071, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:42.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:42.176] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:42.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:42.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:45.105] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24076 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl?X-Amz-Signature=39f56153790bd2e81902324415b8d1379f5b3d61468d283fbaa073d646dc0fbd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114344Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:43:45.105] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:45.105] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:45.105] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:45.105] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:45.105] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:45.106] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:45.299] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280625106, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49167, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9728084570498172, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:45.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:45.299] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:45.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:45.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:48.212] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25162 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e76b2f49680ab9172afcfad66fa65091656faba894fd6efd7ace6c892d89a7fd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114347Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:43:48.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:48.212] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:48.212] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:48.212] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:48.212] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:48.213] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:48.411] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280628213, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49178, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6771831112316992, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:48.411] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:48.411] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:48.411] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:48.411] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:51.328] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24824 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=61087b12ea4bab48ba210569be5e36bf5a4b74067eaefac2626137971e68a65f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114350Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:43:51.328] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:51.328] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:51.329] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:51.329] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:51.329] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:51.329] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:51.518] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280631329, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49179, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8664756844436504, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:51.518] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:51.518] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:51.518] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:51.518] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:43:54.439] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25163 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114353Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=402544ec6f7e3f99bf10b98f046d3f1f3efedc5ba83ebb35da1473467643346a"} [2025-12-09 19:43:54.439] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:54.439] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:54.439] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:54.439] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:54.439] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:54.440] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:54.625] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280634440, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49180, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9388282249369555, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:43:54.625] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:54.625] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:54.625] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:54.625] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:43:57.553] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25164 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl?X-Amz-Date=20251209T114357Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e02184e3fb47091eeaf1116b2970f87c0ed072052f6b6fb98673e24888b41d28&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:43:57.553] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:43:57.553] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:43:57.553] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:43:57.553] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:43:57.553] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:43:57.553] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:43:57.739] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280637554, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49181, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7556896616318012, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:43:57.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:43:57.739] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:43:57.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:43:57.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:00.666] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24077 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=da80b21c410564a4525ab5f588ae8350ac2bf3469fc6bd103db22058b8b0e64a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114400Z"} [2025-12-09 19:44:00.666] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:00.666] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:00.667] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:00.667] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:00.667] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:00.667] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:00.853] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280640667, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.609915037944741, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:00.853] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:00.853] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:00.853] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:00.853] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:03.781] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24825 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114403Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bd022194563835745518b1ba2defd459d8dda9343f579a605ea12c046d4329ce"} [2025-12-09 19:44:03.782] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:03.782] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:03.782] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:03.782] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:03.782] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:03.783] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:03.981] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280643783, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49183, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9992367437755522, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:03.981] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:03.981] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:03.981] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:03.981] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:06.894] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24826 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl?X-Amz-Signature=4fb79a298bffe709a0fa3d4cccd1afe509989e6581d950f3f1e3e91a8a5605b4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114406Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:44:06.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:06.894] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:06.894] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:06.894] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:06.894] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:06.895] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:07.080] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280646895, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49184, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999831430703893, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:07.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:07.080] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:07.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:07.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:10.020] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25165 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl?X-Amz-Signature=4342dfa405f5a4b09203c079a9c95bef2f806d30e3e7317d51e35ef6fa53e0d5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114409Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 19:44:10.020] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:10.020] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:10.020] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:10.020] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:10.020] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:10.021] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:10.210] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280650021, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9644225864167885, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:10.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:10.210] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:10.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:10.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:13.140] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24827 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114412Z&X-Amz-SignedHeaders=host&X-Amz-Signature=c09499bbe2d8682289f74c3555de92003a14ce62a7ba1f35fee41d530930588d"} [2025-12-09 19:44:13.140] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:13.140] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:13.141] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:13.141] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:13.141] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:13.141] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:13.326] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280653141, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49187, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9991696735818225, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:13.326] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:13.326] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:13.326] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:13.326] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:16.262] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24828 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl?X-Amz-Signature=8e2b1ec834f122d8b895c6b10b6a606149ccb8ba8b64da2a1dd4fb9845b2bddb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114415Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:44:16.262] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:16.262] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:16.262] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:16.262] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:16.262] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:16.263] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:16.447] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280656263, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49188, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990365320615877, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:16.447] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:16.447] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:16.447] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:16.447] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:19.383] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24078 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl?X-Amz-Date=20251209T114418Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=de02e7dbae7e843899cc21f63f737c794aa86790619e16c98cf4fd791b1a398d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:44:19.384] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:19.384] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:19.384] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:19.384] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:19.384] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:19.384] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:19.582] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280659384, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49189, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6704914626392562, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:19.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:19.582] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:19.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:19.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:22.494] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25166 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=33ccccc70cc1e5b4d77b7f8d9473fb6af52417f63a71bb18b4476fd3c651d37b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114422Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:44:22.494] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:22.494] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:22.494] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:22.494] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:22.494] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:22.495] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:22.681] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280662495, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49190, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6681120533328117, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:44:22.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:22.681] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:22.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:22.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:25.629] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24079 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl?X-Amz-Signature=2e6e5c6c3c6f008f170385dce57a311f00a001abd0d51dc970a117f97e470874&X-Amz-Date=20251209T114425Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:44:25.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:25.629] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:25.630] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:25.630] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:25.630] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:25.630] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:25.849] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280665630, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49191, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.70713223924829, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:44:25.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:25.849] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:25.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:25.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:28.732] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24080 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl?X-Amz-Signature=ec88f81d4202df6e1ee8c439535dd57dbec51152cec42d13d5acb4518ebd9e03&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114428Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:44:28.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:28.732] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:28.732] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:28.733] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:28.733] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:28.733] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:28.918] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280668733, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49192, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.776271931397361, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:28.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:28.918] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:28.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:28.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:31.840] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24081 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl?X-Amz-Signature=4f96685de66b0a111932c2020d04377aa496f5a24c45c13c3fb8339d3ec3026c&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114431Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:44:31.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:31.840] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:31.840] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:31.841] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:31.841] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:31.841] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:32.026] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280671841, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49193, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9065707770298514, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:32.026] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:32.026] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:32.027] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:32.027] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:34.958] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24082 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b2507111051761c14f75a4edace5af85aa6afcda4dd4b05316b0ddf540e4e247&X-Amz-Date=20251209T114434Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:44:34.958] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:34.958] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:34.958] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:34.958] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:34.958] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:34.959] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:35.144] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280674959, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49194, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6815273572290471, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:44:35.144] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:35.144] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:35.144] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:35.144] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:38.074] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25167 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl?X-Amz-Date=20251209T114437Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=da2d50696ba764ce8d7eea09634636fc9bfa15a59955d3e85ac6127a76e6208c&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:44:38.074] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:38.074] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:38.074] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:38.074] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:38.074] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:38.075] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:38.260] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280678075, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6257930564673225, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:44:38.260] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:38.260] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:38.260] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:38.260] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:41.186] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24083 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114440Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=27bd4cbf053af2f635a59aa22964457c6aba0ccdbec3460b2783f344e52f3598"} [2025-12-09 19:44:41.186] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:41.186] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:41.186] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:41.186] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:41.186] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:41.187] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:41.372] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280681187, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5208323091838872, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:44:41.372] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:41.372] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:41.372] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:41.372] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:44.302] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24084 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl?X-Amz-Date=20251209T114443Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cf52e9c60cb74e3122e4c219366c39c3da197e974f239b30577df3bbb7503189"} [2025-12-09 19:44:44.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:44.302] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:44.302] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:44.302] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:44.302] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:44.303] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:44.488] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280684303, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8708762004632982, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:44.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:44.488] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:44.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:44.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:47.423] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24829 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=91c85f8f5a8e40bde9260570c650a7d63772b9ff4a981e45e2aec86e7c521bbb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114446Z"} [2025-12-09 19:44:47.423] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:47.423] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:47.423] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:47.423] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:47.423] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:47.424] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:47.609] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280687424, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6404661592443197, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:44:47.609] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:47.609] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:47.609] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:47.609] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:50.538] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24085 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c14d92eab447a7c0a00c6252e506ea751dae83a53f80cf2728c073dfc73ddf3f&X-Amz-Date=20251209T114450Z"} [2025-12-09 19:44:50.538] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:50.538] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:50.538] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:50.538] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:50.538] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:50.538] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:50.723] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280690539, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8700626674775306, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:50.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:50.723] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:50.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:50.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:53.639] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24830 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl?X-Amz-Date=20251209T114453Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=1bd0b56bf3bb65084802f7ccd987ad2ed08d16a52a7ecf222c52f95c90d30c94"} [2025-12-09 19:44:53.639] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:53.639] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:53.640] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:53.640] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:53.640] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:53.640] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:53.825] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280693640, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.952812539485268, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:44:53.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:53.825] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:53.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:53.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:44:56.759] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24831 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=085b214eea4412f2725da10a7498a9a241c58e28fcea52a60376ad3ca19b793f&X-Amz-Date=20251209T114456Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:44:56.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:56.759] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:56.759] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:56.759] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:56.759] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:56.760] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:44:56.944] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280696760, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.675426179227328, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:44:56.944] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:44:56.944] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:44:56.944] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:44:56.945] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:44:59.862] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24086 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114459Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=00ac8d84fd14834ff07ef1a30349eab75b60ade5a4310aa8e20c8b4170ae8285"} [2025-12-09 19:44:59.862] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:44:59.862] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:44:59.862] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:44:59.862] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:44:59.862] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:44:59.863] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:00.048] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280699863, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.872413217346259, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:00.048] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:00.048] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:00.048] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:00.048] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:02.971] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24832 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl?X-Amz-Expires=604800&X-Amz-Signature=59cad8e1e8dcde34a1406da577710fc1437afe23bc995d576b3b2c3596f15d49&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114502Z"} [2025-12-09 19:45:02.971] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:02.971] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:02.971] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:02.971] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:02.971] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:02.972] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:03.158] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280702972, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9866518536981347, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:03.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:03.158] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:03.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:03.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:06.087] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24087 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114505Z&X-Amz-Signature=dbe40dcee7622202a3444f86d8ba507ef6a467040b1a7768bd3ac7c8eebba7cb&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:45:06.087] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:06.087] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:06.087] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:06.087] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:06.087] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:06.088] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:06.273] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280706088, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987299237502186, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:06.273] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:06.273] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:06.273] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:06.273] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:09.200] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24833 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114508Z&X-Amz-Signature=4b5e0281dc6cd3741e38bef7f8e9ada2eaf560a15b81c91f4a8f94b6ed75ba91&X-Amz-Expires=604800"} [2025-12-09 19:45:09.200] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:09.200] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:09.200] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:09.200] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:09.200] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:09.201] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:09.386] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280709201, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.749804018938855, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:45:09.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:09.386] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:09.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:09.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:12.312] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24088 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114511Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=750df85b808b4a68f0438a847d192ebeb3a072715aa12f20146b7ebef0fd42c0"} [2025-12-09 19:45:12.312] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:12.312] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:12.312] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:12.312] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:12.312] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:12.312] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:12.498] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280712312, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8503397167372608, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:12.499] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:12.499] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:12.499] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:12.499] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:15.429] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24089 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T114514Z&X-Amz-Signature=3dc0bf064734aafff4bdc9271aef9fb4d6894ecb36b69859890ef28796609ec2"} [2025-12-09 19:45:15.429] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:15.429] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:15.429] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:15.429] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:15.429] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:15.430] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:15.614] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280715430, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8252456489064133, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:15.614] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:15.614] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:15.614] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:15.614] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:18.541] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25168 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=90301d01ed4bee269270c5c57dd7a26d834f6de91fcb5d17cecc636c38a895d0&X-Amz-Date=20251209T114518Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:45:18.541] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:18.541] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:18.541] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:18.541] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:18.541] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:18.542] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:18.726] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280718542, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9865806649237132, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:45:18.726] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:18.726] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:18.726] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:18.726] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:21.649] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24834 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=14cc280ee5bccc3069dbb07a84235f40b51e95db5cc524cfed40327546fc0f91&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114521Z"} [2025-12-09 19:45:21.649] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:21.649] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:21.649] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:21.649] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:21.649] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:21.650] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:21.833] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280721650, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9097916849017884, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:21.833] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:21.833] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:21.833] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:21.833] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:24.762] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24090 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2fd64af2e5a62d8db8df6d678e0425b659b56787354395769e41fca006c566cf&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T114524Z"} [2025-12-09 19:45:24.762] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:24.762] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:24.762] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:24.762] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:24.762] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:24.763] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:24.948] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280724763, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9677342644366878, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:24.948] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:24.948] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:24.948] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:24.948] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:27.881] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25169 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl?X-Amz-Date=20251209T114527Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d6b87ea0cb403978bbc72683d249ded2fee8859b85254f55ab6d78f03e9099ec"} [2025-12-09 19:45:27.881] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:27.881] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:27.881] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:27.881] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:27.881] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:27.882] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:28.067] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280727882, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8515432049926769, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:28.067] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:28.067] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:28.067] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:28.067] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:30.995] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25170 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=9411f3bdb48e4ad6ea7964bc320da9972dd475b68cfa940989076e04ec79a58f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114530Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:45:30.995] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:30.995] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:30.995] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:30.995] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:30.995] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:30.996] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:31.002] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280730996, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:45:31.002] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:45:31.002] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:34.109] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25171 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114533Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=00ed004d4bbe01176da67f5b30941dbb564921ab9a3b6dc5db1cd39802f5a39f&X-Amz-SignedHeaders=host"} [2025-12-09 19:45:34.110] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:34.110] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:34.110] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:34.110] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:34.110] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:34.111] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
19:45:34.122] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280734111, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:45:34.122] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:45:34.122] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:37.220] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25172 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl?X-Amz-Signature=d893414f42162b3a656d9c7b8592fb618685433115ee2f1ce50e48d7e769f974&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114536Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:45:37.220] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:37.220] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:37.220] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:37.220] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:37.220] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:37.221] [INFO] [tid:130855398528704] (AiModule.cpp:158) load 
result:0 [2025-12-09 19:45:37.451] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280737221, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54663, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:37.451] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:37.451] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:37.451] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:37.451] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:40.340] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24835 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3b39b389752a4cc29d6ccb1dbf9657eea86c9cc6d88182a0b9fe814f500fc5dd&X-Amz-Date=20251209T114539Z"} [2025-12-09 19:45:40.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:40.340] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:40.341] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:40.341] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:40.341] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:40.341] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:40.526] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280740341, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64656, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:40.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:40.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:40.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:40.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:43.458] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24091 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl?X-Amz-Date=20251209T114542Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5d160f1b0e72b87aaeddfc16efe80683af77796620e43689584a307b0ff65b3f&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:45:43.458] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:43.458] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:43.458] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:43.459] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:43.459] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:43.459] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:43.679] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280743459, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54669, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:43.679] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:43.679] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:43.679] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:43.679] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:46.575] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24836 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114546Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8dbb3979ef21f14ae0b9efdb9f69f0287b5f81b052c8b403526d8cc305febd2d"} [2025-12-09 19:45:46.575] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:46.575] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:46.576] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:46.576] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:46.576] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:46.576] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:46.759] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280746576, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54673, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:46.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:46.759] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:46.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:46.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:49.685] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24837 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T114549Z&X-Amz-Signature=b9abb2e69399649a79ee2d0ce7f1234a49f4ed6e7a467e6d4a25226cdfec4cf6"} [2025-12-09 19:45:49.686] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:49.870] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280749686, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54672, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:49.870] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:49.870] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:49.870] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:49.870] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:52.800] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25173 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ba490129d097be206755d3f740931a3e6f98341a894e78dc3260364916e12b37&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114552Z"} [2025-12-09 19:45:52.800] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:52.800] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:52.800] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:52.800] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:52.800] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:52.801] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:52.984] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280752801, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54666, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:52.984] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:52.984] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:52.984] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:52.984] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:45:55.916] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24092 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114555Z&X-Amz-Signature=c361537b5f71c43d6d83362ab9fdb3279941b6206266c32b7305f6040744f678"} [2025-12-09 19:45:55.916] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:55.916] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:55.916] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:55.916] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:55.916] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:55.917] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:56.100] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280755917, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64655, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:56.100] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:56.100] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:56.100] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:56.100] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:45:59.025] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25174 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl?X-Amz-Date=20251209T114558Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=65eb2486d825cc2f152f53ecafb89c8a3105518c5d84055d73d6c76e0ba7c9d6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:45:59.025] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:45:59.025] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:45:59.025] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:45:59.025] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:45:59.025] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:45:59.026] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:45:59.210] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280759026, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54676, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:45:59.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:45:59.210] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:45:59.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:45:59.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:46:02.139] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24093 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl?X-Amz-Expires=604800&X-Amz-Signature=260bfbfa5d6b72d4906cef40af30f4d225a87d482770803ed85997658eb8d70b&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114601Z"} [2025-12-09 19:46:02.139] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:02.139] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:02.139] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:02.139] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:02.139] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:02.140] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:02.329] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280762140, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54674, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:02.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:02.329] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:02.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:02.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:46:05.248] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24094 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=ecc2a159aa6e32155ecbba5c383784ec311732972f70219ec10e10bd3e918c35&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114604Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:46:05.248] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:05.248] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:05.248] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:05.248] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:05.248] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:05.248] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:05.432] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280765249, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54668, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:05.432] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:05.432] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:05.432] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:05.432] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:46:08.352] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25175 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f85f0420a9caa985275447ce1ffa9b1f7848ff4ca1ac2f2da4cd41c7ee6fdfa4&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114607Z"} [2025-12-09 19:46:08.353] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:08.353] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:08.353] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:08.353] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:08.353] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:08.353] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:08.360] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280768353, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:08.360] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:08.360] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:11.461] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25176 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114610Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ac322a16c44eba5ec98342273c34d329f4accfed6242514ff591112ce5d965f9"} [2025-12-09 19:46:11.462] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:11.462] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:11.462] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:11.462] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:11.462] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:11.463] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:11.693] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280771463, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54677, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:11.693] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:11.693] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:11.693] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:11.693] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:46:14.571] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25177 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114614Z&X-Amz-Signature=0dfa5b6dfcf7daac057702e43b1190b5a1b64d212bfe2503c48be75de8cdbefc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:46:14.571] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:14.571] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:14.571] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:14.571] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:14.571] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:14.572] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:14.758] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280774572, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64654, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:14.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:14.758] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:14.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:14.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:46:17.690] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24095 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d43293e50b9d7cc0bce3eb01a847d819e3a8d1abe3a90180faf9eb2b592c7dfe&X-Amz-Date=20251209T114617Z&X-Amz-Expires=604800"} [2025-12-09 19:46:17.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:17.690] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:17.690] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:17.690] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:17.690] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:17.691] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:17.697] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280777691, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:17.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:17.697] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:20.805] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25178 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114620Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=778138ef598bb49f01c6556c447a7be565342022fb93eba1ea85bfe76d968dfd&X-Amz-SignedHeaders=host"} [2025-12-09 19:46:20.805] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:20.805] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:20.805] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:20.805] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:20.805] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:20.806] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
19:46:21.036] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280780807, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11580, "dest_port": 4433, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:21.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:21.036] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:21.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:21.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:46:23.917] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24096 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114623Z&X-Amz-Signature=e8e8f8ee04fe034e6bdf1a22b7e726c90c11bba1da3d49fdf185ce2e4a6cc53f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:46:23.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:23.917] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:23.917] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:23.917] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:23.917] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:23.918] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:23.924] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280783918, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:23.924] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:23.924] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:27.029] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25179 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl?X-Amz-Date=20251209T114626Z&X-Amz-Expires=604800&X-Amz-Signature=f504759796275db4f34c249785abf87b25d3ed5587171bd3a4ed11d1e44bbd0b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:46:27.029] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:27.030] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:27.030] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:27.030] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:27.030] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:27.031] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:27.042] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280787031, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:27.042] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 
[2025-12-09 19:46:27.042] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:30.140] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24097 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1bf8a2ca7a81d5905e8797cb1696defb8cb6007da4bd615dd1dfed4c04f2efeb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114629Z"} [2025-12-09 19:46:30.140] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:30.140] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:30.140] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:30.140] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:30.140] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:30.141] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:30.152] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280790141, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:30.152] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:30.152] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:33.258] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25180 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114632Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=0f267fd549071956eeaf5fb26de361b4c8cded7c45778b54c1f4ea3fa7fbe36f"} [2025-12-09 19:46:33.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:33.258] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:33.258] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:33.258] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:33.258] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:33.259] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:33.270] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280793259, "module": "anquanchu", 
"proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:33.270] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:33.270] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:36.360] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25181 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl?X-Amz-Signature=d89e392541666a0f3a2d3922cbb7da44a15dfce0d3c8010b4c909a56be2d6a68&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114635Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 19:46:36.360] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:36.360] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:36.360] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:36.360] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:36.360] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:36.361] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:36.613] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280796361, "module": 
"anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54661, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:36.613] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:36.613] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:36.613] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:36.613] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:46:39.462] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25182 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114638Z&X-Amz-Expires=604800&X-Amz-Signature=a5375865b85555709433b6e4716ef2a167b981d02ef86a329db7870b02fec975"} [2025-12-09 19:46:39.462] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:39.462] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:39.462] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:39.463] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:39.463] [INFO] [tid:130855398528704] 
(AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:39.463] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:39.646] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280799463, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54662, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:39.646] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:39.646] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:39.646] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:39.646] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:46:42.574] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25183 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bf836363705fc92932c28925737abb7646ad1ec8347cdde8bed005a01b1439ea&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114642Z"} [2025-12-09 19:46:42.574] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:42.574] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:42.575] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:42.575] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:42.575] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:42.575] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:42.758] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280802575, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54665, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:46:42.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:46:42.759] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:42.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:46:42.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:46:45.676] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25184 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114645Z&X-Amz-Expires=604800&X-Amz-Signature=803735fa3ff0c8659105080960a1d013255644368fdd6f1b6b320fb7026e18df"} [2025-12-09 19:46:45.676] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:45.676] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:45.677] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:45.677] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:45.677] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:45.677] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:45.683] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280805677, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:45.683] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:45.683] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:48.786] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24838 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114648Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=45ea0985a72980961d89dbc101398533b2f68bd77f2c59edc08832967402dcc7"} [2025-12-09 19:46:48.786] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:48.786] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:48.787] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:48.787] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:48.787] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:48.788] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:48.799] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280808788, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:48.799] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:48.799] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:51.887] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24839 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=4d5686e55e318407fa151dc3b847466769959651e96009e15a5b1d6027b6f05f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114651Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:46:51.888] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:51.888] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:51.888] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:51.888] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:51.888] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:46:51.889] [INFO] [tid:130855398528704] (AiModule.cpp:158) 
load result:0 [2025-12-09 19:46:51.900] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280811889, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:51.900] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:51.900] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:55.004] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24840 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl?X-Amz-Date=20251209T114654Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2877f1c2c2c2746d71eeef097eb2ed1608a1c553b48dd30a5e0f0ac549f85198"} [2025-12-09 19:46:55.004] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:55.004] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:55.004] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:55.004] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:55.004] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 
19:46:55.005] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:55.016] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765280815005, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:55.016] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:55.016] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:46:58.122] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25185 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114657Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a324071aa09a8a2431e33ad2472419fdda0f187f5bc3b44ae590e4b1b24a5f34"} [2025-12-09 19:46:58.122] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:46:58.122] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:46:58.122] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:46:58.123] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:46:58.123] [INFO] [tid:130855398528704] (AiModule.cpp:148) 
prepare args for function load [2025-12-09 19:46:58.123] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:46:58.353] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765280818124, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:46:58.353] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:46:58.353] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:47:43.627] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24841 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a08117118ee1ed37c260c464dc328ee99f443f5c7f116ddcb717d6b3617ee135&X-Amz-Date=20251209T114743Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 19:47:43.627] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:47:43.627] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:47:43.627] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:47:43.627] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:47:43.627] [INFO] [tid:130855398528704] 
(AiModule.cpp:148) prepare args for function load [2025-12-09 19:47:43.628] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:47:43.863] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280863628, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52976, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999977767188404, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:47:43.864] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:47:43.864] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:47:43.864] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:47:43.864] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:47:46.741] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24842 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl?X-Amz-Date=20251209T114746Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6bfd072d8d0d37e0909cb1beeaf9d62c0a56dd3f6bf15b034257f9c2a61f0f95&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:47:46.742] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:47:46.742] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:47:46.742] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:47:46.742] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:47:46.742] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:47:46.742] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:47:46.927] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280866742, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52812, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9966471353749916, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 19:47:46.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:47:46.927] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:47:46.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:47:46.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:47:49.858] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24098 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl?X-Amz-Signature=e862081a599b575ee9b767d81bb1f26b269dd8a1f8b89fb1836194601ddda26f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114749Z"} [2025-12-09 19:47:49.858] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:47:49.858] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:47:49.858] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:47:49.859] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:47:49.859] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:47:49.859] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:47:50.044] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280869859, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52813, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999930148179449, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:47:50.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:47:50.044] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:47:50.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:47:50.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:47:52.976] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24843 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl?X-Amz-Date=20251209T114752Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=60235cb4e2417146e9737e102448f68ad544c13c149af6130f54c7890858207f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:47:52.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:47:52.976] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:47:52.976] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:47:52.976] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:47:52.976] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:47:52.977] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:47:53.163] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765280872977, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:47:53.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:47:53.163] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:47:56.094] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25186 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl?X-Amz-Date=20251209T114755Z&X-Amz-Signature=76e96effc1a9f374411b9d86ac3706d67789b684462bfde00151e3e0c5315739&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:47:56.095] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:47:56.095] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:47:56.095] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:47:56.095] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:47:56.095] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:47:56.095] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:47:56.280] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280876095, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52966, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999700077034432, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:47:56.280] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:47:56.280] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:47:56.280] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:47:56.280] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:47:59.206] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25187 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114758Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a825149e54849b94f88ad1580c49fbb9122e0dbf261b0de408418a6ecdca7823"} [2025-12-09 19:47:59.206] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:47:59.206] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:47:59.207] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:47:59.207] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:47:59.207] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:47:59.207] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:47:59.392] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280879207, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53648, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999637603669073, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:47:59.392] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:47:59.392] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:47:59.392] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:47:59.392] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:02.310] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24099 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl?X-Amz-Expires=604800&X-Amz-Signature=90372903ae65feb480bd36b5985debff3f26b0be8c7c525e3b0d4e2f8cd3d958&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114801Z"} [2025-12-09 19:48:02.310] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:02.310] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:02.311] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:02.311] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:02.311] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:02.311] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:02.528] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280882311, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52645, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999476350190861, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 19:48:02.528] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:02.528] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:02.528] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:02.528] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:05.423] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24844 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5f82e16e25462cd1ebb3e776c93e5f63aea97ebd4216dc507da8919bc8c3bb6b&X-Amz-Date=20251209T114804Z"} [2025-12-09 19:48:05.423] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:05.423] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:05.423] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:05.423] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:05.423] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:05.424] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:05.608] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280885424, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52798, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999984414189609, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:05.608] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:05.608] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:05.608] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:05.608] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:08.548] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24100 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114808Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=27b32a0cdad44cd3753e5f89fe0f299b3b601ce6adfc5ce2378e9ec1f533755d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:48:08.548] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:08.548] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:08.549] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:08.549] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:08.549] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:08.549] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:08.732] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280888549, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53137, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999524064721669, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 19:48:08.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:08.732] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:08.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:08.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:11.670] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24845 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl?X-Amz-Signature=afbe4e70a2ecd06664d6a489f929d99cb3ef36eda45289ed42d608ef3d117f10&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114811Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:48:11.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:11.670] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:11.671] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:11.671] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:11.671] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:11.671] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:11.856] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280891671, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64742, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.998189764443165, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:11.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:11.856] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:11.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:11.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:14.791] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25188 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl?X-Amz-Date=20251209T114814Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=77b9492be48879f7e8fd1c9e81ef806bd46debd6a00e78f6a105aad3c3f459ce"} [2025-12-09 19:48:14.791] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:14.791] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:14.791] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:14.791] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:14.791] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:14.792] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:14.977] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280894792, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54855, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9979254684619023, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:14.977] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:14.977] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:14.977] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:14.977] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:17.902] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24846 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114817Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0f1a1ecb0c4f975c412e057692d078b8124dece0cec52286820300df4e62006a"} [2025-12-09 19:48:17.902] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:17.902] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:17.902] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:17.902] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:17.902] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:17.903] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:18.088] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280897903, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51868, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.67716028710914, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:18.088] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:18.088] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:18.088] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:18.088] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:21.028] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25189 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=40d8c880a9d2b0b2773859298bc7b14e47ff3795de8aff7a29011abd4849656a&X-Amz-Date=20251209T114820Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:48:21.029] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:21.029] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:21.029] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:21.029] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:21.029] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:21.029] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:21.219] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280901029, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51112, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5651993738764558, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:21.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:21.219] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:21.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:21.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:24.143] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25190 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114823Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0024c7d3a1261de5095bce71c307ddeeac7d5b787e3585fa5baaff311c47d996&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:48:24.143] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:24.143] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:24.143] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:24.143] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:24.143] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:24.143] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:24.331] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280904144, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51768, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.914844091541431, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:48:24.331] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:24.331] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:24.331] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:24.331] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:27.246] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24847 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8f02965b151c3ad221810a9c8a79029798e2b7166d34cb79baa2d1c8fbd9bde4&X-Amz-Expires=604800&X-Amz-Date=20251209T114826Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:48:27.246] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:27.246] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:27.246] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:27.247] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:27.247] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:27.247] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:27.432] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280907247, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51222, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8209179403780051, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:27.432] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:27.432] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:27.432] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:27.432] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:30.361] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24101 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114829Z&X-Amz-Signature=cc3b39ef384e2ec35ea5626f7cdb3d2208b54fc8b1d01a30197da7ff651abe7e"} [2025-12-09 19:48:30.361] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:30.361] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:30.362] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:30.362] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:30.362] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:30.362] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:30.547] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280910362, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54858, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9974635576044806, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:30.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:30.547] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:30.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:30.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:33.474] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25191 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T114832Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b5423f9db0251daa987e4c1876511270fa4da82c27b07640711286c93ab2e7d3"} [2025-12-09 19:48:33.475] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:33.475] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:33.475] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:33.475] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:33.475] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:33.475] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:33.659] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280913475, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51156, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7904833379047614, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:48:33.659] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:33.659] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:33.659] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:33.659] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:36.589] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25192 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114836Z&X-Amz-Signature=12aacead9d78e1637f16519102a5c2d5fc472cfe13d4947c1f08c89003f841bd"} [2025-12-09 19:48:36.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:36.590] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:36.590] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:36.590] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:36.590] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:36.590] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:36.808] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280916590, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9902476607497825, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:36.808] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:36.808] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:36.808] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:36.808] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:39.708] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24848 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=3c1a9ca61b3d7b5d13a189f8d1f85de159dd4dc9fb04861376e5d1b0ba356abb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114839Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:48:39.708] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:39.708] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:39.708] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:39.708] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:39.708] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:39.709] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:39.893] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280919709, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51814, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6439827887800125, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:39.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:39.893] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:39.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:39.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:42.820] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25193 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T114842Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5fd6d360bcfd8eed34ce7a28e4e02fdd30f94d2c162dbce3903b31806ea60f32&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:48:42.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:42.820] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:42.820] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:42.821] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:42.821] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:42.821] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:43.005] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280922821, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51274, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9971468104648852, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:43.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:43.006] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:43.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:43.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:45.936] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24849 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b27686ff1399d732355960749544d5f3966f18cd5e289a79a24978ee866c5079&X-Amz-Expires=604800&X-Amz-Date=20251209T114845Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:48:45.936] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:45.936] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:45.937] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:45.937] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:45.937] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:45.938] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:46.131] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280925938, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 58083, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 19:48:46.131] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:46.131] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:46.131] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:46.131] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:49.043] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25194 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114848Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=604fbdef3b76694d21f0e9c83f847085525443c2017cc861757a09c5f4e42d3c&X-Amz-Expires=604800"} [2025-12-09 19:48:49.043] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:49.043] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:49.044] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:49.044] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:49.044] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:49.045] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:49.238] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280929045, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50445, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9967850187757732, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:48:49.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:49.238] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:49.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:49.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:52.147] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24102 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114851Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a7d9713cc3dcd9708c8563be137f0717cffce61e68e4befb8e733190af5d6013"} [2025-12-09 19:48:52.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:52.147] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:52.147] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:52.147] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:52.147] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:52.148] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:52.329] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280932148, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64741, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9944981810014691, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:52.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:52.329] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:52.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:52.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:48:55.261] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24103 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114854Z&X-Amz-Signature=952fd81e352b66a1dc66158495e02d7a10370b3ad0f47b5276cdee8226d98d3e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:48:55.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:55.261] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:55.261] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:55.261] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:55.261] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:55.261] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:55.447] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280935262, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64743, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9885886646187916, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:55.447] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:55.447] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:55.447] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:55.447] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:48:58.386] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24850 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl?X-Amz-Date=20251209T114857Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e85713026a402dfcc3b2b8ad29fc52408376af9486e14f546fa49d880ebb7010&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:48:58.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:48:58.386] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:48:58.386] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:48:58.387] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:48:58.387] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:48:58.388] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:48:58.571] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280938388, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64745, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9936517302580103, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:48:58.571] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:48:58.571] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:48:58.571] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:48:58.571] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:01.498] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24851 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl?X-Amz-Date=20251209T114900Z&X-Amz-Expires=604800&X-Amz-Signature=7c29cee7c72601d79013a78349e958a6fc41a62cd253bb24b2c944c209bb6da0&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:49:01.499] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:01.499] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:01.499] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:01.499] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:01.499] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:01.499] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:01.682] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280941499, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42213, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:01.682] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:01.682] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:01.682] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:01.682] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:04.613] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24104 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=89be743c0d3d0db63cb837a9dde92fc6440fa37930dfdeb4c7335fe8e3aab8b9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114904Z"} [2025-12-09 19:49:04.613] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:04.613] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:04.613] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:04.613] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:04.613] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:04.613] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:04.798] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280944614, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64739, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9977405261107022, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:04.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:04.798] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:04.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:04.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:07.727] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24105 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114907Z&X-Amz-Expires=604800&X-Amz-Signature=e4f3a3d6e9408e106d89c0b0e566cb6935db2a89d1f415b8c114f9c24f7894f3&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:49:07.727] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:07.727] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:07.727] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:07.728] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:07.728] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:07.728] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:07.911] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280947728, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42204, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:07.911] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:07.911] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:07.911] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:07.911] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:10.829] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24106 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1d6ac60b6e8d7c7afc7667dea8d2cc579af011a68f5906103262eeac2794b81c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114910Z"} [2025-12-09 19:49:10.829] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:10.829] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:10.829] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:10.829] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:10.829] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:10.830] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:11.015] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280950830, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54850, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9960139199578331, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:11.015] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:11.015] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:11.015] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:11.015] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:13.944] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25195 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ee577416eb0ade4bbebb70b7ce5c41ec28ad6093bb20971c9630f2632774c827&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114913Z"} [2025-12-09 19:49:13.945] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:13.945] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:13.945] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:13.945] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:13.945] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:13.946] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:14.129] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280953946, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42226, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:14.129] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:14.129] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:14.129] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:14.129] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:17.048] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25196 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114916Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=524e2fbf09f5a9fbd8aec732115aeccdec4bae537445429da0fe90408bbfe908"} [2025-12-09 19:49:17.048] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:17.048] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:17.048] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:17.048] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:17.048] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:17.048] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:17.264] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280957048, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42016, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:17.264] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:17.264] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:17.264] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:17.264] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:20.170] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25197 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6d41164719ab5967c02802e1e94499f79025dbf6da6975da20ee3a749105e591&X-Amz-Date=20251209T114919Z"} [2025-12-09 19:49:20.170] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:20.170] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:20.170] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:20.170] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:20.170] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:20.171] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:20.358] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280960171, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42214, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:20.358] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:20.358] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:20.358] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:20.358] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:23.284] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24852 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl?X-Amz-Date=20251209T114922Z&X-Amz-Expires=604800&X-Amz-Signature=9aa93b225b4cebd726e23ebaa61f9b93683ed4668c8c3f7a56a8bc4cd2eb5d16&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:49:23.284] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:23.284] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:23.285] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:23.285] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:23.285] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:23.285] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:23.471] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280963285, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42219, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:23.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:23.471] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:23.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:23.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:26.395] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25198 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T114925Z&X-Amz-Signature=14f35dd28e5e520c49a68acd755834a2923f9756561a895cbb35af9bd08ab660"} [2025-12-09 19:49:26.395] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:26.395] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:26.395] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:26.395] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:26.395] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:26.396] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:26.582] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280966396, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54856, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.997457094242526, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:26.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:26.582] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:26.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:26.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:29.501] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24107 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114929Z&X-Amz-Expires=604800&X-Amz-Signature=0ca8fa20ca5aac4255bd1e6a840aac3d1442cc16563048d7b9bee18f23effd55&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:49:29.502] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:29.502] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:29.502] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:29.502] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:29.502] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:29.502] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:29.688] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280969502, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64740, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9988654665344077, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:29.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:29.688] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:29.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:29.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:32.604] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24853 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl?X-Amz-Expires=604800&X-Amz-Signature=e5d1b1f88c422f890113bc1d5a13915d4550ecea32908bac69675b8a7899b88e&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114932Z"} [2025-12-09 19:49:32.604] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:32.604] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:32.604] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:32.604] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:32.604] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:32.605] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:32.788] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280972605, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41983, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:32.788] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:32.788] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:32.788] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:32.788] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:35.716] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25199 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl?X-Amz-Date=20251209T114935Z&X-Amz-Expires=604800&X-Amz-Signature=043b7dc63cac6ba7e4d518e4a8aa5bcfa66336bb2c5c84ce4a975493933d17c2&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:49:35.716] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:35.716] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:35.716] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:35.716] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:35.716] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:35.717] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:35.899] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280975717, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42209, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:35.899] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:35.899] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:35.899] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:35.899] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:38.819] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25200 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl?X-Amz-Signature=8788a0b663646a1d0d1925568bd7b07159cb83eb46d2c7c6a1238d1c5370aec6&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T114938Z"} [2025-12-09 19:49:38.819] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:38.819] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:38.820] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:38.820] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:38.820] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:38.820] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:39.006] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280978820, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54851, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9980349733615045, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:39.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:39.006] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:39.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:39.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:41.938] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25201 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1aab13b6d6aea6cda3b14d666205c7cfd8f98d0b8ba44872bbe0f1d1265e9be2&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T114941Z"} [2025-12-09 19:49:41.938] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:41.938] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:41.939] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:41.939] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:41.939] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:41.939] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:42.125] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280981939, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51907, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7498671072453136, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:49:42.125] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:42.125] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:42.125] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:42.125] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:45.041] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24108 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=592f4b16a5125016943e464acb08a2cd282943cbb8cf95ffad2f5a87f898d39e&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T114944Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:49:45.041] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:45.041] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:45.041] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:45.041] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:45.041] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:45.042] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:45.228] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280985042, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9176733408604053, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:45.228] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:45.228] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:45.228] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:45.228] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:48.169] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24854 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl?X-Amz-Signature=05c6fc1df6c32d54d8792b2eb6358ce3c1eda69123e98b9fd5dd04a2d2a480d4&X-Amz-Expires=604800&X-Amz-Date=20251209T114947Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:49:48.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:48.169] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:48.169] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:48.169] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:48.169] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:48.170] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:48.355] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280988170, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51913, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7804626368341007, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:49:48.355] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:48.355] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:48.355] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:48.355] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:51.282] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24855 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=7475acd8590e4bc6d962f34c50b4ee4cde8ca779ee6455ae4f4d17300694feae&X-Amz-Date=20251209T114950Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:49:51.282] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:51.282] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:51.283] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:51.283] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:51.283] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:51.283] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:51.505] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280991284, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51152, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9564240808157058, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:49:51.505] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:51.505] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:51.505] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:51.505] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:49:54.396] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24109 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl?X-Amz-Signature=e2f3aff2279a3a1d2d8172f474983e64cd6d6428ddcdfff9b732b80a234b1cfe&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T114953Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:49:54.397] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:54.397] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:54.397] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:54.397] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:54.397] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:54.398] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:54.583] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280994398, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51155, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6404692550467705, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:49:54.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:54.583] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:54.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:54.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:49:57.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25202 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl?X-Amz-Signature=461085b0743b56aa48cb83dcffc1ba564f8b8d40facb7ffe170b7d4d52628373&X-Amz-Date=20251209T114957Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:49:57.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:49:57.510] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:49:57.510] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:49:57.510] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:49:57.510] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:49:57.511] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:49:57.700] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765280997511, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51158, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8248391299231592, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:49:57.700] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:49:57.700] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:49:57.700] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:49:57.700] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:00.628] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24110 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl?X-Amz-Date=20251209T115000Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f9e9f7534560f48f42fbe00ee4f72ff60a3e93f5d58d6090890407537146f16a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:50:00.628] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:00.628] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:00.628] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:00.628] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:00.628] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:00.628] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:00.817] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281000629, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54848, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9963970464067194, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:00.817] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:00.817] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:00.817] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:00.817] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:03.739] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24856 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115003Z&X-Amz-Signature=75ffdcfe45d4154695b069fb6fa57ccb04e83d0740a33ba2248c8e7694e7a9aa&X-Amz-Expires=604800"} [2025-12-09 19:50:03.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:03.739] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:03.740] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:03.740] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:03.740] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:03.741] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:03.924] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281003741, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42018, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:03.924] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:03.924] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:03.924] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:03.924] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:06.851] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25203 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T115006Z&X-Amz-Signature=de41660fcfa8f19af832d086995ac468e98395146139e520a9a497f22e624388&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:50:06.851] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:06.851] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:06.851] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:06.851] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:06.851] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:06.852] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:07.037] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281006852, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54857, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999970659245342, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:07.037] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:07.037] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:07.037] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:07.037] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:09.961] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24857 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl?X-Amz-Signature=b2332e5f0f2db624f1fcad1f41fe90fce00974b9f90f5acc005576098821e96c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115009Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:50:09.961] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:09.961] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:09.961] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:09.962] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:09.962] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:09.962] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:10.155] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281009963, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 57835, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:10.155] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:10.155] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:10.155] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:10.155] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:13.075] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25204 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl?X-Amz-Date=20251209T115012Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=9a9959457055a2d58e510185a6d18d0f799221d4a2dc7373b8cdb2d82cddee1d"} [2025-12-09 19:50:13.075] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:13.075] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:13.076] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:13.076] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:13.076] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:13.076] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:13.261] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281013076, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51810, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8549264185255389, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:13.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:13.261] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:13.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:13.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:16.191] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25205 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=edde5586ae0127c09ce7485746f51932b2e43eadc65e4fcdb3bc6e840415bd7c&X-Amz-Date=20251209T115015Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:50:16.191] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:16.191] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:16.192] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:16.192] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:16.192] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:16.193] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:16.379] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281016193, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51813, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9169213898566784, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:16.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:16.379] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:16.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:16.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:19.308] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24858 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115018Z&X-Amz-Signature=48f5cf125a4b793d5d862fbb59f0decfb11d9ced3a2f9a77e1dfba6ddd62e0a9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:50:19.308] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:19.308] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:19.308] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:19.308] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:19.308] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:19.309] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:19.494] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281019309, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51816, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7784450465277769, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:19.494] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:19.494] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:19.494] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:19.494] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:22.418] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24111 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=efb9aa550b00b9a5a77dfdd79727e0217f6996d9a0d8c81f43dfca82d6274a17&X-Amz-Date=20251209T115021Z"} [2025-12-09 19:50:22.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:22.418] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:22.418] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:22.419] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:22.419] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:22.419] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:22.605] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281022419, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51270, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8989305967628844, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:22.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:22.605] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:22.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:22.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:25.537] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25206 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl?X-Amz-Signature=72472d4690ca1072f24adc31973c5fe685b479c5bae711aebf654a8c18eafe62&X-Amz-Date=20251209T115025Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:50:25.537] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:25.537] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:25.537] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:25.537] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:25.537] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:25.538] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:25.723] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281025538, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51273, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8840743179035093, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:25.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:25.723] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:25.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:25.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:28.650] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24859 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115028Z&X-Amz-Signature=3d26ee1297c8c49947cab7c30bb235447b8a9d799f2770e2007350f270597621&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:50:28.650] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:28.650] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:28.650] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:28.650] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:28.650] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:28.651] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:28.867] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281028652, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51276, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.6494420354275284, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:28.867] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:28.867] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:28.867] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:28.867] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:31.759] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24112 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=3e6c9ecfd795f4326d8905c893ec29f41d8cf7f7cf85676d3dbcd1ef61ec7e42&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115031Z"} [2025-12-09 19:50:31.759] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:31.759] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:31.759] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:31.759] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:31.759] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:31.760] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:31.940] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281031760, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42017, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:31.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:31.940] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:31.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:31.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:34.862] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24113 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115034Z&X-Amz-Signature=7cf533f938fb7b76fffb3117eb91fb55e82a27146129822a881301efd6116b5e"} [2025-12-09 19:50:34.862] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:34.862] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:34.862] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:34.862] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:34.862] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:34.863] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:35.047] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281034863, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51904, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9077258172569825, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:35.047] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:35.047] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:35.047] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:35.047] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:37.966] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24114 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115037Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=bbecb3baa3b4ad7ecc62f5396d21c5110ffed32278d3d39116bec850025b94c1"} [2025-12-09 19:50:37.966] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:37.966] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:37.966] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:37.966] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:37.966] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:37.967] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:38.152] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281037967, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51149, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7930476786332924, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:38.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:38.152] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:38.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:38.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:41.080] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24115 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl?X-Amz-Date=20251209T115040Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=086a05d8367c2d7a8a12c444757bd93f184062db41b4e68d17f3c5dece5b880f&X-Amz-SignedHeaders=host"} [2025-12-09 19:50:41.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:41.081] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:41.081] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:41.081] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:41.081] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:41.081] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:41.266] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281041081, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51867, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8704952835928917, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:41.266] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:41.266] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:41.266] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:41.266] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:44.193] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24860 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T115043Z&X-Amz-Signature=8e9675a3c6d7d0033be35dbc92eba08985c21c774c66c835f101bf50abcf0039&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:50:44.193] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:44.193] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:44.193] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:44.193] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:44.193] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:44.194] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:44.380] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281044194, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51870, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9153528874092203, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:44.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:44.380] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:44.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:44.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:47.296] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24861 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a7543fe6b4ac5a7cf604564aadb35dac0af65596dc0155da5b52f5bf2abce81d&X-Amz-Date=20251209T115046Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:50:47.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:47.297] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:47.297] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:47.297] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:47.297] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:47.297] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:47.488] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281047297, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51111, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.916775698659375, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:47.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:47.488] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:47.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:47.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:50.408] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24862 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl?X-Amz-Expires=604800&X-Amz-Signature=691d7f83945f2d79a7d672693f05f76271972364dbd782d4b995ae5c319d0b01&X-Amz-Date=20251209T115049Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:50:50.408] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:50.408] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:50.408] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:50.408] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:50.408] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:50.409] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:50.597] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281050409, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51114, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9777326623147766, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:50.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:50.597] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:50.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:50.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:53.511] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25207 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl?X-Amz-Date=20251209T115053Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=05796bb1d81f1515557d0290b41804abf0069e8692f48e7eb6f1ca2ca0e704c3"} [2025-12-09 19:50:53.511] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:53.511] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:53.511] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:53.511] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:53.512] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:53.512] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:53.697] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281053512, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54849, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9986786416097165, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:53.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:53.697] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:53.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:53.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:50:56.613] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24116 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=0a48ea6b6fa43e700f02edb2fe6a91c00c4299fc96eaa005ca8a6d8c57fc2fd5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115056Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:50:56.613] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:56.613] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:56.613] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:56.613] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:56.613] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:56.613] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:56.798] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281056614, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42003, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:50:56.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:56.798] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:56.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:56.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:50:59.722] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24117 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=fdb6af46e61e54aca2aa6213bdab900fe1f94f10e3a6f76b7f16c6a51b798675&X-Amz-Date=20251209T115059Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:50:59.722] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:50:59.722] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:50:59.722] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:50:59.722] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:50:59.722] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:50:59.723] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:50:59.919] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281059723, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51807, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8944676465086725, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:50:59.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:50:59.919] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:50:59.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:50:59.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:02.837] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24863 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115102Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e246e8e8e25aac371027a8334f7040650cf663e51fc73277fb4ec7bb14ab2151&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:51:02.837] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:02.837] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:02.837] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:02.837] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:02.837] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:02.838] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:03.029] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281062838, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51267, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9520112014972585, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:03.029] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:03.029] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:03.029] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:03.029] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:05.940] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24118 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl?X-Amz-Expires=604800&X-Amz-Signature=b7697ea81529e64d9f896b67f5bfd730b60bea316014cf6733b7060280a4582c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115105Z"} [2025-12-09 19:51:05.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:05.940] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:05.940] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:05.940] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:05.940] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:05.941] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:06.130] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281065942, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51767, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9438503413518589, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:06.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:06.130] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:06.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:06.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:09.052] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25208 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=6e3465f3749759867bd99b87dccb6ccc0efa57ad1f778694ad120d9044259a48&X-Amz-Date=20251209T115108Z"} [2025-12-09 19:51:09.052] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:09.052] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:09.052] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:09.052] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:09.052] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:09.053] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:09.238] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281069053, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51770, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7144807820989244, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:09.239] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:09.239] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:09.239] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:09.239] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:12.167] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25209 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115111Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cb1d062f02a05157ab67463d1300980e39da7c096e73c38c08a5f5a8bcad73e0"} [2025-12-09 19:51:12.168] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:12.168] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:12.168] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:12.168] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:12.168] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:12.168] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:12.387] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281072168, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51864, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9406154167358071, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:12.387] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:12.387] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:12.387] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:12.387] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:15.272] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25210 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115114Z&X-Amz-Expires=604800&X-Amz-Signature=67164ad4e715fc4b8027165c9a17e4952e0738272b7e38670dcc6d5c7949ce3a&X-Amz-SignedHeaders=host"} [2025-12-09 19:51:15.272] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:15.272] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:15.272] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:15.272] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:15.272] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:15.273] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:15.459] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281075273, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51221, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9473445349389896, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:15.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:15.459] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:15.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:15.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:18.379] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24119 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6d37671b31d9e28a7fe72914e0cf2121e3388a84afcf7e9fd68b0512ac8e1641&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115117Z"} [2025-12-09 19:51:18.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:18.379] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:18.380] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:18.380] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:18.380] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:18.381] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:18.568] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281078381, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51224, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8517472665546844, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:18.568] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:18.568] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:18.568] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:18.568] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:21.494] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24864 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=2503921dc60b2ac0d9d7e836be784d5423b0de19ad1397053175bfb0ec945fca&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115120Z"} [2025-12-09 19:51:21.494] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:21.494] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:21.494] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:21.495] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:21.495] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:21.495] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:21.681] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281081495, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51108, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8392515804044033, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:21.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:21.681] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:21.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:21.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:24.615] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24865 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=b9f4b9632696db861155a68826ebd648dbf6ffb48c6073c3be14823a42b5e9c4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115124Z"} [2025-12-09 19:51:24.615] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:24.615] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:24.615] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:24.615] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:24.615] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:24.615] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:24.801] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281084616, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51764, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9325163085458639, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:24.801] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:24.801] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:24.801] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:24.801] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:27.729] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24120 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c162351c9af81244fbd624c4510998d056cec1f939a4223a6fa3b8710e771111&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115127Z"} [2025-12-09 19:51:27.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:27.729] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:27.729] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:27.729] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:27.729] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:27.730] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:27.917] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281087730, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51218, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8795958530980557, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:27.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:27.918] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:27.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:27.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:30.841] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24866 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=46721baafd0b9b336706e498b1d6688d994c9fb6ac925a0241e8e0835ecc8192&X-Amz-Date=20251209T115130Z"} [2025-12-09 19:51:30.841] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:30.841] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:30.841] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:30.841] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:30.841] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:30.842] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:31.028] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281090842, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41737, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:31.028] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:31.028] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:31.028] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:31.028] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:33.954] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25211 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl?X-Amz-Signature=84fb7429f59f0a67149d243512083dfa7fe67bd66a763779e1e64f5d2c0955f9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115133Z"} [2025-12-09 19:51:33.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:33.954] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:33.954] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:33.954] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:33.954] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:33.955] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:34.151] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281093955, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5694710971835998, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:34.151] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:34.151] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:34.151] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:34.151] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:37.063] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24121 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=62bbffafcb6623a6dfda7bb7813e0f1eef9d5c89fca358362d93d8460b7ee805&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115136Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:51:37.063] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:37.063] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:37.063] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:37.063] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:37.063] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:37.063] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:37.250] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281097064, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.683703974792815, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:37.250] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:37.250] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:37.250] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:37.250] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:40.182] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24867 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115139Z&X-Amz-Signature=611ae2f2b8d43d4ba20886bfeabfc2f331de08285719789ce315ab3d5adc2ac1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:51:40.182] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:40.182] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:40.183] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:40.183] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:40.183] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:40.183] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:40.370] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281100184, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51808, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8541901061252963, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:51:40.370] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:40.370] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:40.370] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:40.370] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:43.295] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24868 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=cf592404816f6ca4cf78de320029fc72c48376f1040ead1e9e1fb45df6d7a489&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115142Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:51:43.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:43.295] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:43.295] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:43.295] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:43.295] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:43.296] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:43.516] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281103296, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51268, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.5903049085195861, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:43.516] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:43.516] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:43.516] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:43.516] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:46.405] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25212 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115145Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f54c56b497fbe098bfe6eeb61ce75238a79abc9c4821ff7e467566fd1cddfced&X-Amz-SignedHeaders=host"} [2025-12-09 19:51:46.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:46.405] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:46.405] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:46.405] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:46.405] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:46.406] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:46.590] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281106406, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55484, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:46.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:46.590] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:46.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:46.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:49.526] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25213 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4e88b34eb0ad01d86cb49bb9dde3b9a971ffb1fb4f7d80e666b66784df1f7529&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115149Z"} [2025-12-09 19:51:49.526] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:49.526] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:49.527] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:49.527] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:49.527] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:49.527] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:49.715] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281109527, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64738, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9966612369206724, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:49.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:49.715] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:49.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:49.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:52.629] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25214 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115152Z&X-Amz-SignedHeaders=host&X-Amz-Signature=3e9735be0ff98800ca63e6654d4bc2854e45f7daa5dba9eaf4096a62a28d050a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:51:52.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:52.629] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:52.629] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:52.629] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:52.629] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:52.630] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:52.816] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281112630, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51147, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.5574287788486448, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 19:51:52.816] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:52.816] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:52.816] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:52.816] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:51:55.748] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24869 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=8608d9a19a0aed3d6330dc9f0be9a34c952dea409a68acd01b43bb1e8a04aa73&X-Amz-Date=20251209T115155Z"} [2025-12-09 19:51:55.748] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:55.748] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:55.749] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:55.749] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:55.749] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:55.749] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:55.935] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281115749, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51908, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9837638142753491, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:55.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:55.935] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:55.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:55.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:51:58.858] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24122 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115158Z&X-Amz-Signature=b2fbc4d658d9dd8003a0e92b731a28f5a517dc08dd615fbe80d825da40f3079c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:51:58.858] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:51:58.859] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:51:58.859] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:51:58.859] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:51:58.859] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:51:58.859] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:51:59.045] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281118859, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51914, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5219725503828033, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:51:59.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:51:59.045] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:51:59.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:51:59.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:01.972] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24870 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl?X-Amz-Date=20251209T115201Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=0d9601f4edbaa7535e3172ae5cfd2b6fcaf3f53c42011d1f8eaca5c6b913c0da"} [2025-12-09 19:52:01.972] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:01.972] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:01.972] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:01.972] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:01.972] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:01.973] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:02.159] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281121973, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51153, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7858296540117953, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:02.159] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:02.160] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:02.160] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:02.160] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:05.087] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24123 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl?X-Amz-Date=20251209T115204Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=95c1cd9e6a71f157bbb4acc8c339dea0a5c3d816d4acbdbc87d759a20da5bccc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:52:05.087] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:05.087] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:05.088] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:05.088] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:05.088] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:05.088] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:05.275] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281125088, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7354736177059842, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:05.275] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:05.275] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:05.275] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:05.275] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:08.206] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24871 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115207Z&X-Amz-Signature=ebe6417f39e7d7d893442565fb2cf456960882cadc1a1f3c32215b885229c5ca&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:52:08.206] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:08.206] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:08.206] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:08.206] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:08.206] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:08.206] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:08.394] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281128206, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51805, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.7787013078659158, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:08.394] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:08.394] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:08.394] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:08.394] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:11.316] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25215 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl?X-Amz-Expires=604800&X-Amz-Signature=0e86776982ac8c3c6c46c4a679c119da201c688096397d2a1dbcff2f8020a6a6&X-Amz-Date=20251209T115210Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:52:11.317] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:11.317] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:11.317] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:11.317] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:11.317] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:11.317] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:11.504] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281131317, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51898, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5531385391749607, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:52:11.504] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:11.504] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:11.504] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:11.504] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:14.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25216 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115213Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2f2909c145f1b1b96361eee8112d86672d91098172ea744a927c9d66057fbdcb&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:52:14.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:14.420] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:14.420] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:14.420] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:14.420] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:14.421] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:14.616] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281134421, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51142, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9002966346730812, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:52:14.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:14.616] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:14.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:14.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:17.536] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24124 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl?X-Amz-Signature=d30417fa42c3c8a8efea8e8cb45dd3332de8fef92c40e9ee3e4fb1c036d7bef9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115217Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:52:17.536] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:17.536] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:17.536] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:17.536] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:17.536] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:17.536] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:17.752] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281137536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51862, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8621027184790087, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:52:17.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:17.752] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:17.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:17.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:20.654] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24872 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=fb921eccd5714bc1f207e3c2bc056f011c5db8976f86298f58704d3aa006beb6&X-Amz-Date=20251209T115220Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:52:20.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:20.654] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:20.654] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:20.655] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:20.655] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:20.655] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:20.839] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281140655, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51106, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.715040822249808, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:52:20.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:20.839] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:20.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:20.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:23.765] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24873 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115223Z&X-Amz-Expires=604800&X-Amz-Signature=17838503938524ec0b839841c76f8b007bc2ca59313e126c633cfcb482f044a8"} [2025-12-09 19:52:23.765] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:23.765] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:23.765] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:23.765] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:23.765] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:23.766] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:23.955] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281143766, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51800, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9255906624646884, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:23.955] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:23.955] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:23.955] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:23.955] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:26.868] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24125 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T115226Z&X-Amz-Signature=3a8c90004f2864474c1f639adb3ba793de1ab5152657f18ca7a1c99288a5187a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:52:26.868] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:26.868] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:26.868] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:26.868] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:26.868] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:26.869] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:27.055] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281146869, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51260, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7938605210350151, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:52:27.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:27.055] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:27.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:27.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:29.988] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24874 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115229Z&X-Amz-SignedHeaders=host&X-Amz-Signature=ee93aa78a0f3182df146a46037d2a72a4bf72c075a553b1b5bb495443402d7f7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:52:29.988] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:29.988] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:29.988] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:29.988] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:29.988] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:29.989] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:30.175] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281149989, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51216, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.84095193599556, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:52:30.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:30.175] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:30.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:30.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:33.091] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24875 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115232Z&X-Amz-Signature=6b1ec813cb2d88177e8efeb9acc279869506c0e1252bd723f7c90ed2f7cece89&X-Amz-Expires=604800"} [2025-12-09 19:52:33.091] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:33.091] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:33.091] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:33.091] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:33.091] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:33.092] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:33.289] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281153092, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51811, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9902186269105376, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:33.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:33.289] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:33.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:33.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:36.205] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25217 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115235Z&X-Amz-Signature=ca6c05a1496fb0e1e7ce5d921131fbf2371dc8d2640247abadf0c1add54abfe2&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:52:36.205] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:36.205] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:36.205] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:36.205] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:36.205] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:36.205] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:36.390] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281156205, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51271, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8192816349849472, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:36.390] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:36.390] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:36.390] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:36.390] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:39.330] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25218 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8c23a1576869c97cebfdaef440d77d0b0522e5814a5d158582e8d8bb30efd022&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115238Z"} [2025-12-09 19:52:39.330] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:39.330] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:39.330] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:39.330] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:39.330] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:39.331] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:39.516] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281159331, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51277, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9912261189471189, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:39.516] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:39.516] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:39.516] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:39.516] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:42.431] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25219 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl?X-Amz-Signature=6f9def7743b0eac6e6b75902a9f983fe642058f94d9aafcaad8d955a5684799b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115241Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:52:42.431] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:42.431] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:42.431] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:42.431] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:42.431] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:42.432] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:42.615] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281162432, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41383, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:42.615] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:42.615] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:42.615] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:42.615] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:45.547] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24876 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl?X-Amz-Signature=56d782aa40ee1be98b84ae6d6bcd9ef99458a8c120a0852b7f9d7b8fedc1dbca&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115245Z&X-Amz-Expires=604800"} [2025-12-09 19:52:45.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:45.547] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:45.547] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:45.547] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:45.547] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:45.548] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:45.732] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281165548, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41342, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:45.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:45.732] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:45.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:45.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:52:48.649] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24877 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl?X-Amz-Expires=604800&X-Amz-Signature=1e084e920d96b3f91b17b275e95da3902ff0771236295a324e3e0134551678c4&X-Amz-Date=20251209T115248Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:52:48.649] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:48.649] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:48.649] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:48.649] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:48.649] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:48.650] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:48.834] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281168650, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41721, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:48.835] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:48.835] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:48.835] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:48.835] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:52:51.753] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24126 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115251Z&X-Amz-Expires=604800&X-Amz-Signature=f280d333e5a467c7961bdb020a76c89fcb87e27f42078f9d58105c39db8ab09e&X-Amz-SignedHeaders=host"} [2025-12-09 19:52:51.754] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:52:51.754] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:52:51.754] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:52:51.754] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:52:51.754] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:52:51.755] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:52:51.973] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281171755, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931240746423159, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:52:51.973] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:52:51.973] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:52:51.973] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:52:51.973] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:54:42.407] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24878 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=43a6b21075a4d933e4333ead3b82d12f9dc677ced6e757fa70351a974978a5f2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115441Z&X-Amz-Expires=604800"} [2025-12-09 19:54:42.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:54:42.407] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:54:42.408] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:54:42.408] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:54:42.408] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:54:42.409] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:54:42.641] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281282409, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:54:42.641] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:54:42.641] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:54:45.520] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24127 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c1384de5702e5b98ae072472a37860c3f4e1182ebc378cc93951b54abb49dc9a&X-Amz-Expires=604800&X-Amz-Date=20251209T115445Z"} [2025-12-09 19:54:45.520] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:54:45.520] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:54:45.520] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:54:45.520] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:54:45.520] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:54:45.521] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:54:45.707] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281285521, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44022, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 
0.6728841833184426, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:54:45.707] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:54:45.707] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:54:45.707] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:54:45.707] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:54:48.641] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24879 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7b49ec4881d142b7b360a6ec15a1bdbd50a3d64510dd764cefd8509c04f76b8a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115448Z"} [2025-12-09 19:54:48.641] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:54:48.641] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:54:48.641] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:54:48.641] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:54:48.641] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:54:48.642] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:54:48.828] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281288642, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44036, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8465086067455839, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:54:48.829] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:54:48.829] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:54:48.829] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:54:48.829] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:54:51.746] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25220 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115451Z&X-Amz-SignedHeaders=host&X-Amz-Signature=362a0cedfcf1cb5cb7dbef969082ea87ea337efd6985d92502008064ba1f4a1c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:54:51.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:54:51.746] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:54:51.746] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:54:51.746] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:54:51.746] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:54:51.747] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:54:51.934] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281291747, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43376, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5495919355088006, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:54:51.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:54:51.934] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:54:51.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:54:51.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:54:54.865] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24128 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T115454Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0872411d419506847d136e0f5390948b2146bfe62fe1abb5ebc960cc2d548ac0"} [2025-12-09 19:54:54.865] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:54:54.865] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:54:54.866] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:54:54.866] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:54:54.866] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:54:54.867] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:54:55.055] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281294867, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:54:55.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:54:55.055] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:54:57.969] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24880 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl?X-Amz-Signature=4140a4a4d697890a9c45e70f573f3c2d8534f930e59a8f166ebba06f03623351&X-Amz-Expires=604800&X-Amz-Date=20251209T115457Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:54:57.969] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:54:57.969] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:54:57.970] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:54:57.970] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:54:57.970] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:54:57.971] [INFO] [tid:130855398528704] 
(AiModule.cpp:158) load result:0 [2025-12-09 19:54:58.157] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281297971, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50538, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6610424197399033, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:54:58.157] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:54:58.157] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:54:58.157] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:54:58.157] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:01.083] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24881 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e6e92406770529a425b9b006cd4e3743658eaa1fe8b7a23f3d7966fb9fc3348a&X-Amz-Date=20251209T115500Z&X-Amz-Expires=604800"} [2025-12-09 19:55:01.083] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:01.083] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:01.084] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:01.084] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:01.084] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:01.084] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:01.271] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281301084, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33044, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7244387815839199, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:01.271] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:01.271] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:01.271] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:01.271] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:04.199] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25221 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=720f2be199f39af576d0e536ffd93cb5115128601947f8cb3169a0c59f87776f&X-Amz-Expires=604800&X-Amz-Date=20251209T115503Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:55:04.199] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:04.199] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:04.199] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:04.199] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:04.199] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:04.200] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:04.386] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281304200, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33072, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6961407686164033, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:04.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:04.386] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:04.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:04.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:07.308] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24129 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl?X-Amz-Signature=45f9fb504e17cde2f2a942d00cb1e5ed894882f27cf4483df2d0e49c1932f764&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115506Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:55:07.308] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:07.308] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:07.309] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:07.309] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:07.309] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:07.309] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:07.495] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281307309, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45844, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8579854060527151, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:07.495] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:07.495] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:07.495] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:07.495] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:10.426] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24130 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=590f9a1062dbdabe76912c2ac70c1a9259dc1d2ca809c5eaf7954a0f666bfa25&X-Amz-Date=20251209T115509Z"} [2025-12-09 19:55:10.427] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:10.427] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:10.427] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:10.427] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:10.427] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:10.427] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:10.614] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281310427, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36990, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5463985466238093, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:10.614] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:10.614] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:10.614] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:10.614] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:13.537] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24131 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6a14a35837d43cc7e45f3a19ed03e80ce1be5fb55bb6a6be33acdbef635aec96&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115513Z"} [2025-12-09 19:55:13.537] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:13.537] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:13.538] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:13.538] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:13.538] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:13.538] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:13.723] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281313538, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52800, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999166268488673, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 19:55:13.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:13.723] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:13.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:13.723] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:16.656] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24132 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl?X-Amz-Expires=604800&X-Amz-Signature=9562b040edebc164e746351654b5c233550d532738cabd49abc9c4a380abb94c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115516Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:55:16.657] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:16.657] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:16.657] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:16.657] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:16.657] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:16.657] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:16.843] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281316657, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53638, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999929970441578, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:16.843] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:16.843] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:16.843] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:16.843] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:19.771] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25222 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T115519Z&X-Amz-Signature=8af29cf4943bd6727e4c9f91ed00f0b83d1d99207b574a1bd957f9ca886a1cfb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:55:19.772] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:19.772] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:19.772] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:19.772] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:19.772] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:19.772] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:19.958] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281319772, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53621, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999490768632505, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:19.958] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:19.958] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:19.958] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:19.958] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:22.884] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25223 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115522Z&X-Amz-Signature=5362d4fbeb65232117de1f7286ad03c5b01fbdc11230a90d3e01ea37ccacc75e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:55:22.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:22.885] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:22.885] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:22.885] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:22.885] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:22.885] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:23.071] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281322885, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53649, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999971687684557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:23.071] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:23.071] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:23.071] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:23.071] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:26.004] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24133 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl?X-Amz-Signature=7a3a1922a1cce07a54d950749ca66d1206277c04dce0c1e3748ea876918bd3d5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115525Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 19:55:26.004] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:26.004] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:26.004] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:26.004] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:26.004] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:26.005] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:26.190] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281326005, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50496, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9188679536963599, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:26.190] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:26.190] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:26.190] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:26.190] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:29.107] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24134 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl?X-Amz-Date=20251209T115528Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=29df9e4b807dd846e24b2261b59770b4ef88009f791f6a19930a3c2a81728251"} [2025-12-09 19:55:29.107] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:29.107] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:29.108] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:29.108] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:29.108] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:29.108] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:29.294] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281329108, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41854, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9997953727110176, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:55:29.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:29.294] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:29.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:29.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:32.221] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24882 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6190a985d7bc512287c44efce7374919052f7050f63692db7f11c1b6d69dea29&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T115531Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:55:32.221] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:32.221] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:32.222] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:32.222] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:32.222] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:32.222] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:32.407] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281332223, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 57745, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 19:55:32.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:32.407] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:32.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:32.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:35.336] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24135 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115534Z&X-Amz-Signature=9a06b2c9f46c4d5b71e2e3e581855854bc407a63a8328b6ef74ca782995cdae9&X-Amz-Expires=604800"} [2025-12-09 19:55:35.336] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:35.336] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:35.336] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:35.336] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:35.336] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:35.336] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:35.522] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281335336, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9944640734596082, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:35.522] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:35.522] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:35.522] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:35.522] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:38.451] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24883 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl?X-Amz-Signature=bb339e8dfc3d2554c3b22bb0167deeb347ef86025dfd0be51c059545efa035d1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T115537Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:55:38.451] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:38.451] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:38.452] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:38.452] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:38.452] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:38.452] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:38.639] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281338452, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44878, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7886796948345814, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:38.639] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:38.639] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:38.639] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:38.639] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:41.569] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25224 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c7e60b087f59ef72e03c3b248aa76ebaab731deaa4690499f67c6b633441a882&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115541Z"} [2025-12-09 19:55:41.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:41.569] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:41.569] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:41.569] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:41.569] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:41.570] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:41.756] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281341570, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44880, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7927806494649347, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:41.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:41.757] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:41.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:41.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:44.677] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24136 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl?X-Amz-Signature=3d29407c668aa49884ac77015d3b69bb6a6c432d501f3a4bc84785d087cea637&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115544Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:55:44.677] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:44.677] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:44.677] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:44.678] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:44.678] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:44.678] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:44.898] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281344678, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44882, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8540260068036141, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:44.898] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:44.898] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:44.898] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:44.898] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:47.781] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24884 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115547Z&X-Amz-SignedHeaders=host&X-Amz-Signature=88865cc727f12731a2abc1b4a7c50c0cbb78bfe4c95421cd111d9eedb4fbb7bc"} [2025-12-09 19:55:47.781] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:47.781] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:47.781] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:47.781] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:47.781] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:47.782] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:47.968] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281347782, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44898, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6767071500659454, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:47.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:47.968] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:47.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:47.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:50.885] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25225 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl?X-Amz-Signature=6315d864861b7fcdbdd0fb69555c0592d27d03ae39ba97ab90c374b16590b02f&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115550Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:55:50.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:50.885] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:50.885] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:50.885] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:50.885] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:50.886] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:51.072] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281350886, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44902, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5604761186120011, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:51.072] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:51.072] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:51.072] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:51.072] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:55:54.002] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25226 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=dd0979db6714a337fa5561b5fb203e41c282e1a2c65c91225c35b9c66974a260&X-Amz-Date=20251209T115553Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:55:54.003] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:54.003] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:54.003] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:54.003] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:54.003] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:54.003] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:54.190] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281354003, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44904, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7747396296208913, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:54.190] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:54.190] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:54.190] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:54.190] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:55:57.104] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24137 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=957cc0ae6743efea778b008839ff34879c310ac1bdabbaf27aed0b6d4713a23a&X-Amz-Date=20251209T115556Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:55:57.104] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:55:57.104] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:55:57.105] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:55:57.105] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:55:57.105] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:55:57.105] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:55:57.291] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281357105, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44908, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313392605554522, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:55:57.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:55:57.291] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:55:57.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:55:57.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:00.220] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24138 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=16f139e89be20aca376c473cea07159172e9a6faa360306261eb863dc209919f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115559Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:56:00.220] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:00.220] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:00.221] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:00.221] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:00.221] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:00.221] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:00.407] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281360221, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44922, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7216490316609567, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:00.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:00.407] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:00.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:00.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:03.336] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24139 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl?X-Amz-Expires=604800&X-Amz-Signature=cd7b46121e8d838251d5e3326a507bb3f116b82810ae6f554f4887ed908b517e&X-Amz-Date=20251209T115602Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:56:03.336] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:03.336] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:03.336] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:03.336] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:03.336] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:03.337] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:03.523] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281363337, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53324, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.645743054285468, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:03.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:03.523] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:03.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:03.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:06.451] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24885 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=d0b3d8cc18e34fd0055aa18e9c0fe2c19eb6bec28ae141ae608a43cc855977c2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115605Z&X-Amz-Expires=604800"} [2025-12-09 19:56:06.452] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:06.452] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:06.452] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:06.452] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:06.452] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:06.452] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:06.638] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281366452, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53326, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7965803475820881, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:06.638] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:06.638] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:06.638] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:06.638] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:09.561] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24886 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=197cd00924781b18914cb3cfca6ca656cc5c7bb9204a9219ab4d912c471a9fc6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115609Z&X-Amz-Expires=604800"} [2025-12-09 19:56:09.561] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:09.561] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:09.561] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:09.561] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:09.561] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:09.562] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:09.748] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281369562, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53342, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6721624046725702, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:09.748] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:09.748] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:09.748] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:09.748] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:12.664] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24887 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl?X-Amz-Signature=f4bbfeed9b57055055e5aa3d7506501c1efe9d4c280da68c4388e1934dcf8da1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115612Z"} [2025-12-09 19:56:12.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:12.664] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:12.664] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:12.664] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:12.664] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:12.665] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:12.851] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281372665, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53344, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6023557106412213, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:12.851] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:12.851] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:12.851] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:12.851] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:15.780] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24140 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=dbb1621d12dd8431439176d9bd37ce9361f805a2f4a49a4650ae281ec6fcefc9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115615Z"} [2025-12-09 19:56:15.781] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:15.781] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:15.781] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:15.781] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:15.781] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:15.781] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:16.002] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281375781, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33858, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7389562922671952, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:16.002] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:16.002] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:16.002] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:16.002] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:18.893] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25227 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl?X-Amz-Date=20251209T115618Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f2e8b16a4f825e17745b59710ee673afda213a284f9af5d9b155e32f467f6c84&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:56:18.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:18.893] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:18.893] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:18.893] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:18.893] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:18.893] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:19.080] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281378894, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52856, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8234095922587584, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:19.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:19.080] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:19.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:19.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:22.007] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24141 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=827e174ae84c29f0ec8889da9efadf9ba7c7370f8d08ff91c41287090ae64b78&X-Amz-Date=20251209T115621Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:56:22.007] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:22.007] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:22.007] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:22.007] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:22.007] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:22.007] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:22.194] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281382008, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52870, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6149387055645753, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:22.194] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:22.194] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:22.194] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:22.194] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:25.115] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25228 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=e00efbdd38a7d4b930d038fd46afc2b6bde2e6de8d20d5bc532ac9fb501ffc78&X-Amz-Date=20251209T115624Z&X-Amz-SignedHeaders=host"} [2025-12-09 19:56:25.115] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:25.115] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:25.115] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:25.115] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:25.115] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:25.116] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:25.302] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281385116, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36998, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.910731468640802, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:25.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:25.302] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:25.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:25.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:28.229] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24888 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=409559c815420ea04a8820daedca6e06ab674619154df617e0413f6727859eae&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115627Z"} [2025-12-09 19:56:28.229] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:28.229] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:28.229] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:28.229] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:28.229] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:28.230] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:28.416] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281388230, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:56:28.416] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:56:28.416] [DEBUG] [tid:130855398528704] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:31.349] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24889 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115630Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b59c506ab1b69609c3191d181f60cda088693cf433b6fd49030c9b7a7caffaca&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:56:31.349] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:31.349] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:31.349] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:31.349] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:31.349] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:31.350] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:31.536] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281391350, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:56:31.536] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 
0|max_alert: 1000 [2025-12-09 19:56:31.536] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:34.467] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24142 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115633Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=768c90afd7f9269ab631458587ad0f58ced95ef1df2554754ec5718aa89e2d70&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:56:34.467] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:34.467] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:34.467] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:34.467] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:34.467] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:34.468] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:34.654] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281394468, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", 
"dest_ip": "192.168.112.135", "protocol": 6, "src_port": 32800, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6393447179540175, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:34.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:34.654] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:34.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:34.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:37.579] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24143 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl?X-Amz-Expires=604800&X-Amz-Signature=143cc7cd5043225ec308988f364fe003c349f5f4b6c2307bf4b01dd5018ca944&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115637Z"} [2025-12-09 19:56:37.579] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:37.579] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:37.579] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:37.579] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:37.580] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 
19:56:37.580] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:37.765] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281397580, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:56:37.765] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:56:37.765] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:40.691] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24144 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl?X-Amz-Date=20251209T115640Z&X-Amz-Signature=5979777cb36e0d19ebd970c637dfd732bd68c371efba311496827b251ce0eaef&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 19:56:40.692] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:40.692] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:40.692] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:40.692] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:40.692] [INFO] 
[tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:40.692] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:40.879] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281400692, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51514, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7920714737387965, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:40.879] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:40.879] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:40.879] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:40.879] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:43.794] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25229 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115643Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=1a296f08a975d25ad46828439eca0b124fd2f37b6fbf857323d5abe165602a45&X-Amz-Expires=604800"} [2025-12-09 19:56:43.794] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:43.794] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:43.794] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:43.794] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:43.794] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:43.795] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:43.981] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281403795, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:56:43.981] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:56:43.981] [DEBUG] [tid:130855398528704] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:46.913] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24145 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2193a5af4f8543c321ac305ad90d48d609fecb76235aa7a50ce4bbb0c1ef6c4b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115646Z"} [2025-12-09 19:56:46.914] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:46.914] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:46.914] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:46.914] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:46.914] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:46.914] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:47.100] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281406914, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36554, "dest_port": 51119, "y_pred": 
1, "y_pred_proba_max": 0.679389337568846, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:47.100] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:47.100] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:47.100] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:47.100] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:50.017] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24146 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=dc626630694d1e3cf53583facfe5b3594458f73dc0378ffe3c9017ac05395e9f&X-Amz-Date=20251209T115649Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:56:50.017] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:50.017] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:50.017] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:50.017] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:50.017] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:50.018] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:50.238] 
[DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281410018, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41972, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7506726691230895, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:50.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:50.238] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:50.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:50.238] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:53.137] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24890 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl?X-Amz-Signature=3a58f964195863684646061008386f451e2cab790ced2178d825cad97403c385&X-Amz-Date=20251209T115652Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:56:53.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:53.137] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:53.137] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:53.137] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:53.137] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:53.137] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:53.324] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281413137, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41988, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6932043396309915, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:53.324] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:53.324] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:53.324] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:53.324] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:56:56.262] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24147 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b0c30987b5b4416db5445e9865f4c24b36c5746aff3f32a2db92a9593c52db8f&X-Amz-Date=20251209T115655Z"} [2025-12-09 19:56:56.262] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:56.262] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:56.263] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:56.263] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:56.263] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:56.263] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:56.449] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281416263, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 48286, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7498623734261112, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:56:56.449] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:56:56.449] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:56:56.449] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:56:56.449] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:56:59.373] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24891 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=8b202c50ce99d136e3dc2363bb0c9c1439a8f4da1f0393db519878940965707e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115658Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:56:59.374] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:56:59.374] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:56:59.374] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:56:59.374] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:56:59.374] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:56:59.374] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:56:59.564] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281419374, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:56:59.564] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:56:59.564] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:02.492] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24148 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7f39ecc3c59a2d2750e52b57be6317c3af80426455739efaec7c5c28aa76d6bc&X-Amz-Date=20251209T115701Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:57:02.492] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:02.492] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:02.492] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:02.493] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:02.493] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:02.493] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:02.682] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281422494, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34324, "dest_port": 51129, 
"y_pred": 1, "y_pred_proba_max": 0.8598443676373912, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:02.682] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:02.682] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:02.682] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:02.682] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:05.595] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24892 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115705Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6c7658d6e3bfce7b0e443756efcf8679776664b0a91355499a3d503d568700de&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:57:05.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:05.595] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:05.595] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:05.596] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:05.596] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:05.596] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 19:57:05.782] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281425596, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34338, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6600152343992454, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:05.782] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:05.782] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:05.782] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:05.782] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:08.715] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25230 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=72ef3329844878d2649750797e083f21bd5b4d6067caf5aafd03888913ff6cfb&X-Amz-Date=20251209T115708Z"} [2025-12-09 19:57:08.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:08.715] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:08.715] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:08.715] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:08.716] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:08.716] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:08.901] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281428716, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43408, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6608495747990313, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:08.902] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:08.902] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:08.902] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:08.902] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:11.818] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24893 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl?X-Amz-Signature=bded0f0bfd97d5e45b9b3d9b4b79e62c96e4bccb3f58d4db4ca802c307263926&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115711Z"} [2025-12-09 19:57:11.819] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:11.819] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:11.819] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:11.819] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:11.819] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:11.819] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:12.001] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281431819, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58164, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5150716470914646, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:12.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:12.001] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:12.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:12.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:14.932] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24149 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=acbfd43c27af92340c4edb589973c0b0ad400c91c61212edfe49fee68f73f6ee&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115714Z"} [2025-12-09 19:57:14.932] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:14.932] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:14.932] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:14.932] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:14.932] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:14.933] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:15.118] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281434933, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7825537526527392, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:15.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:15.118] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:15.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:15.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:18.049] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24150 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ba1f1c4ba4b6bd6d4332fe0b067b73ec4f4aa1e80cdaf4232ef643893d3ed53c&X-Amz-Date=20251209T115717Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:57:18.049] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:18.049] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:18.050] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:18.050] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:18.050] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:18.051] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:18.237] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281438051, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45842, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.592268158808573, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:18.237] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:18.237] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:18.237] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:18.237] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:21.160] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24151 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=666c228841420a982be2f6b1bfd422fbd9836a0cfc6f11137a674a0bc68d2a5e&X-Amz-Date=20251209T115720Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:57:21.160] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:21.160] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:21.160] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:21.160] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:21.160] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:21.161] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:21.347] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281441161, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52104, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5820294787660791, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:21.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:21.347] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:21.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:21.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:24.264] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24894 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=52b8ca647d987947385657d772c187cf26503b952b340bd6fa46f149ebb86aec&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115723Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:57:24.264] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:24.264] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:24.264] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:24.264] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:24.264] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:24.265] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:24.485] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281444265, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52112, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7399493449817247, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:24.485] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:24.485] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:24.485] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:24.485] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:27.376] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25231 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=201805d4950e8fe4591690aac187b83ab5db7d04aebf42bb9b289bb07ae93370&X-Amz-Date=20251209T115726Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:57:27.376] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:27.376] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:27.376] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:27.376] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:27.376] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:27.377] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:27.566] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281447377, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35710, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5372650123307994, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:27.567] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:27.567] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:27.567] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:27.567] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:30.484] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24895 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl?X-Amz-Date=20251209T115729Z&X-Amz-Expires=604800&X-Amz-Signature=12ce87bf8661ddbe137d309f5881b8b83ba660ba4677700a46d28cc72778fd95&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:57:30.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:30.485] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:30.485] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:30.485] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:30.485] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:30.485] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:30.671] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281450485, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:57:30.671] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:57:30.671] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:33.598] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24152 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T115733Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=06f551e08d1b1b71d319a69851bb0a9e02e7ad893819d41dbe5393628e6d8213&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:57:33.598] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:33.598] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:33.598] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:33.598] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:33.598] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:33.599] [INFO] [tid:130855398528704] 
(AiModule.cpp:158) load result:0 [2025-12-09 19:57:33.785] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281453599, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 37004, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5915217816010709, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:33.785] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:33.785] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:33.785] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:33.785] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:36.709] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25232 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl?X-Amz-Expires=604800&X-Amz-Signature=9ea323e32f1b7774ecbbd109526c9d383a4e8915875e97fe16fafb89ad45b822&X-Amz-Date=20251209T115736Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:57:36.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:36.709] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:36.709] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:36.709] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:36.709] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:36.710] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:36.895] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281456710, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56522, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7046661217476976, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:36.895] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:36.895] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:36.895] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:36.895] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:39.827] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25233 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115739Z&X-Amz-Expires=604800&X-Amz-Signature=24e889a76e56ae8d8ded249778d180e91300bb8c2d9c4411b6242597d3cd1c8b&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:57:39.827] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:39.827] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:39.827] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:39.827] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:39.827] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:39.828] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:40.013] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281459828, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7120939475867335, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:40.013] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:40.013] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:40.014] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:40.014] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:42.944] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24896 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e7514ea26cf57af00f20a7705fc4da3804a1048032b02a7ae389b37a3c048bcb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115742Z"} [2025-12-09 19:57:42.944] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:42.944] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:42.944] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:42.944] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:42.944] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:42.944] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:43.130] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281462945, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7120939475867335, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:43.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:43.130] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:43.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:43.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:46.059] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25234 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=744cb98ac55e44264749cf8c473b3f01c2f1b1a4656c7ca62b8bf46731158742&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115745Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:57:46.059] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:46.059] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:46.060] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:46.060] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:46.060] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:46.061] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:46.254] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281466061, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41835, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9997064171622698, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:57:46.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:46.254] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:46.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:46.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:49.168] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24897 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115748Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0f0367b905378c7896618136922bb51046871e9d761fe550fb4e15c7d653148c&X-Amz-Expires=604800"} [2025-12-09 19:57:49.168] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:49.168] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:49.169] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:49.169] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:49.169] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:49.170] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:49.356] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281469170, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42007, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:49.356] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:49.356] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:49.356] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:49.356] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:52.284] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24898 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ad85317a02280a5ef68a19c55159cf3bbffca93ad01cb2844345ea0699e14be5&X-Amz-Date=20251209T115751Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:57:52.284] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:52.284] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:52.284] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:52.284] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:52.284] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:52.285] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:52.470] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281472285, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41530, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999719138549306, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:57:52.470] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:52.470] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:52.470] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:52.470] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:57:55.392] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24153 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e2759afcd822ceacbeaeb0d93fac9183bdc045430b3e908d23d766b755bcb20a&X-Amz-Date=20251209T115754Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 19:57:55.392] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:55.392] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:55.393] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:55.393] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:55.393] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:55.393] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:55.578] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281475393, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41855, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9995499563485257, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:57:55.578] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:55.578] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:55.578] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:55.578] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:57:58.503] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25235 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl?X-Amz-Signature=dc4c68d2f3a70a545f488af9c6c0618bf3202ab2b9b8914e21a7023167fd075a&X-Amz-Date=20251209T115758Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 19:57:58.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:57:58.503] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:57:58.503] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:57:58.503] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:57:58.503] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:57:58.503] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:57:58.689] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281478504, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44850, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6907793735712409, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:57:58.689] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:57:58.690] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:57:58.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:57:58.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:01.606] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24899 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115801Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d2d8ed059548f2f9b553846ba22e895397b7f29c8414072fe4ae0bd1b7c47d9a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:01.606] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:01.606] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:01.606] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:01.606] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:01.606] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:01.607] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:01.826] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281481607, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44896, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.656546421625667, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:01.826] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:01.826] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:01.826] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:01.826] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:04.710] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24154 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6cb92a9aa4cdb196915fd4e9b1b59fc1751f975c572569581f42079cd0636a60&X-Amz-Expires=604800&X-Amz-Date=20251209T115804Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:04.710] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:04.710] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:04.710] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:04.711] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:04.711] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:04.711] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:04.899] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281484712, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44920, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6185975560935816, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:04.899] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:04.899] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:04.899] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:04.899] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:07.818] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24900 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl?X-Amz-Signature=f44578773384802b2a41e95c35a3c78b0d475f93c6603d910949476be4b62095&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T115807Z"} [2025-12-09 19:58:07.818] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:07.818] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:07.818] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:07.818] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:07.818] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:07.819] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:08.004] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281487819, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53336, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5295058357260812, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:08.004] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:08.004] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:08.004] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:08.004] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:10.936] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24155 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2933f1118307358f767c337c119b54c543c31a8a50533dda022e8bbc05ff3a15&X-Amz-Date=20251209T115810Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:10.936] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:10.936] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:10.936] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:10.936] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:10.936] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:10.936] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:11.122] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281490937, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54372, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.878562954767242, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:11.122] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:11.122] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:11.122] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:11.122] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:14.051] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24901 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl?X-Amz-Date=20251209T115813Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3aa2e36d84be73a00d0ae259acc6bc074c5df02549085d63ad1f6d92e387d3ce"} [2025-12-09 19:58:14.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:14.051] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:14.051] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:14.051] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:14.051] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:14.052] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:14.237] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281494052, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51482, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6781951466688778, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:14.237] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:14.237] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:14.237] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:14.237] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:17.162] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24902 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl?X-Amz-Expires=604800&X-Amz-Signature=3b92bf218d1b8db174a082bb6e66e9baca6fb4116a6e22d9cb46cf77520553a0&X-Amz-Date=20251209T115816Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:58:17.162] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:17.162] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:17.162] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:17.162] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:17.162] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:17.163] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:17.348] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281497163, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:58:17.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:58:17.348] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:20.266] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24903 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=aae6cd7582958b9ac906a39e628cff6b5a61e06ced90e45bf9913f14330be122&X-Amz-Date=20251209T115819Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:58:20.267] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:20.267] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:20.267] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:20.267] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:20.267] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:20.267] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 19:58:20.453] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281500267, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33056, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6308113658289384, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:20.453] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:20.453] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:20.453] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:20.453] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:23.381] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24904 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c84a12d1dc2624dd6f61f457a1181e25984633f29afce3038dd5dad22a0deb6f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115822Z"} [2025-12-09 19:58:23.382] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:23.382] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:23.382] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:23.382] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:23.382] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:23.382] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:23.569] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281503382, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36982, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.645358975713871, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:23.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:23.569] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:23.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:23.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:26.498] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24156 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2680b5794ef98b32060241216b7e5425dcb84145433655fde69ff1edd4134ba4&X-Amz-Date=20251209T115826Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:26.498] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:26.498] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:26.498] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:26.498] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:26.498] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:26.499] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:26.685] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281506499, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:58:26.685] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:58:26.685] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:29.601] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25236 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115829Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7eed0e250a5e4e561268b426ed16a0f06163730976866f361bace2ebecfbef9f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:29.601] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:29.601] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:29.601] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:29.601] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:29.601] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:29.602] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
19:58:29.787] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281509602, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35934, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8765184103204687, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:29.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:29.787] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:29.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:29.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:32.717] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24157 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115832Z&X-Amz-SignedHeaders=host&X-Amz-Signature=6d0b0320dfc61fa6b05db70de0588630690b0052c9511040297690a2b8bcfc40"} [2025-12-09 19:58:32.717] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:32.717] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:32.717] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:32.717] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:32.717] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:32.718] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:32.903] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281512718, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44888, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7618044728672403, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:32.903] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:32.903] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:32.903] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:32.903] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:35.833] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25237 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7323a94c0534349ea6dd1152f422b1e043479b098a4fafed1aa6851bca273237&X-Amz-Date=20251209T115835Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:35.833] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:35.833] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:35.833] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:35.833] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:35.833] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:35.833] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:36.019] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281515834, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44912, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6941403930190175, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:36.019] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:36.019] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:36.019] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:36.019] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:38.951] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24158 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115838Z&X-Amz-Signature=7178ae323f9f0620b908a28737d82d052a6df29070419668fb2b1e7f8adcab9e&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:38.951] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:38.951] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:38.951] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:38.951] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:38.951] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:38.951] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:39.137] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281518952, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53332, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6762638693132109, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:39.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:39.137] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:39.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:39.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:42.055] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25238 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl?X-Amz-Signature=96ac463b289e00ebea02e693fbd0def1b6cbe53a8af5b337b680b840733fb7c6&X-Amz-Date=20251209T115841Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:42.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:42.055] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:42.055] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:42.055] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:42.055] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:42.056] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:42.242] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281522056, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51766, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5230912463199346, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:42.242] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:42.242] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:42.242] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:42.242] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:45.169] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24905 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T115844Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=913215aa543c2e2ce6034b7c57480ae8e6c37f18f49018bb10bcbba5dda45b87"} [2025-12-09 19:58:45.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:45.169] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:45.169] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:45.169] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:45.169] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:45.169] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:45.355] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281525169, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44024, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5200589530455904, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:45.355] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:45.355] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:45.355] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:45.355] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:48.281] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24159 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115847Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=73ec828c5af5f5753ec36feaa089f2a2ebd20f5e677e6505cd494525240de862&X-Amz-Expires=604800"} [2025-12-09 19:58:48.282] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:48.282] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:48.282] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:48.282] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:48.282] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:48.282] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:48.468] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765281528282, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 19:58:48.468] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 19:58:48.468] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:51.399] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24160 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl?X-Amz-Date=20251209T115850Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5ef4f65f81ef4c90dd8e7289e4ecf0b34273a92ae0784fbb30e3a0d28a6072a6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:58:51.399] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:51.399] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:51.399] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:51.399] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:51.399] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:51.400] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 19:58:51.591] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281531400, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45862, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8844120553728769, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:51.591] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:51.591] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:51.591] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:51.591] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:58:54.514] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24906 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a46b3bd7e2b63741c7ba95786079397ae490f7c800f9b0f1a23110c6f4ab51df&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115854Z"} [2025-12-09 19:58:54.514] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:54.514] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:54.514] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:54.514] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:54.514] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:54.515] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:54.699] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281534515, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56508, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7612030493876523, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:54.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:54.699] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:54.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:54.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:58:57.633] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25239 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=1ad006719e4fa2c7171b9cd1fc7856d7c72469b97f0a275be5fdadd61b09c4fd&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115857Z"} [2025-12-09 19:58:57.633] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:58:57.633] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:58:57.633] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:58:57.633] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:58:57.633] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:58:57.634] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:58:57.820] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281537634, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33868, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7907536706029601, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:58:57.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:58:57.820] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:58:57.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:58:57.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:00.745] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25240 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115900Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a1bf64700afd8f1a30f775f1f86f77c06d39f9d9e06f71fbcc16d2563f0a8794"} [2025-12-09 19:59:00.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:00.746] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:00.746] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:00.746] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:00.746] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:00.747] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:00.934] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281540747, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51754, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6370738968028632, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:00.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:00.934] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:00.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:00.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:03.857] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24907 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115903Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=32343dba7999460d8c9522ce9e8ed16bdd3f2bc88cdfcb4bf4e3003271b4fc15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 19:59:03.857] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:03.857] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:03.857] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:03.857] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:03.857] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:03.858] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:04.044] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281543858, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58168, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5486665983652664, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:04.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:04.044] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:04.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:04.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:06.970] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24908 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115906Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=819dbb299b784795bd5724500638b9263cb2b985899e70a12f01298860613739&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:59:06.970] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:06.970] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:06.971] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:06.971] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:06.971] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:06.971] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:07.157] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281546971, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.809274256789188, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:07.157] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:07.157] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:07.157] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:07.157] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:10.074] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25241 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115909Z&X-Amz-Signature=37d9f27449beb66ada1e0ae58b5927d8873b7e48e1cbc9ee8f606f60b5b9dae5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 19:59:10.074] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:10.074] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:10.074] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:10.074] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:10.074] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:10.075] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:10.261] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281550075, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36974, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7909008152122282, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:10.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:10.261] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:10.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:10.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:13.191] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25242 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115912Z&X-Amz-Signature=df5b4dcd85b28d7a95df5ed1edd7f59686f9e0f220340e14abef78784358dc1b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:59:13.191] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:13.191] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:13.191] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:13.191] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:13.191] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:13.192] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:13.378] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281553192, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7423598538991082, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:13.378] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:13.378] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:13.378] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:13.378] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:16.304] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24909 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=22909694c5d87ca0bde8974b9b93d9558f5ffcbee430c379b8a39e2945d571de&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115915Z"} [2025-12-09 19:59:16.304] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:16.304] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:16.304] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:16.304] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:16.304] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:16.305] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:16.490] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281556305, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56494, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.844063156911654, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:16.490] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:16.490] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:16.490] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:16.490] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:19.415] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24910 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ef67841a62760bc16737287b510b29142e807fc4c8fd73b15660347bcb62e3ce&X-Amz-Date=20251209T115918Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:59:19.415] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:19.415] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:19.415] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:19.415] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:19.415] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:19.416] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:19.602] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281559416, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54360, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5824559064294447, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:19.602] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:19.602] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:19.602] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:19.602] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:22.529] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24161 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl?X-Amz-Date=20251209T115922Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f09be95bbeb79b54e7984ac31b3c5103508d2e1b5a6b3e1904a8c82788f722d5&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:59:22.529] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:22.529] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:22.529] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:22.529] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:22.529] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:22.530] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:22.715] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281562530, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41524, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999496192481244, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 19:59:22.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:22.715] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:22.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:22.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:25.633] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24911 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=a3d14938c01af35f953e0981cb8718eb653baaf519b6f6987d5e40d191b8d760&X-Amz-Date=20251209T115925Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 19:59:25.633] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:25.633] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:25.633] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:25.633] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:25.633] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:25.634] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:25.820] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281565634, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47654, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7026441794397728, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:25.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:25.820] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:25.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:25.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:28.736] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24912 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T115928Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=36b4332b6a0b15c5a31c46a8356dc4f6c6e04499e5133cfe787647dedc300424"} [2025-12-09 19:59:28.736] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:28.736] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:28.736] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:28.736] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:28.736] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:28.737] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:28.923] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281568737, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 32786, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8098754794129167, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:28.923] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:28.923] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:28.923] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:28.923] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:31.849] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25243 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T115931Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=5107e0bdee77166cb0853a493471e06e14e70bd15fd72b85615875cd98e43675"} [2025-12-09 19:59:31.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:31.849] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:31.849] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:31.849] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:31.849] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:31.850] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:32.036] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281571850, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50518, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5766166595943324, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:32.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:32.036] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:32.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:32.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:34.966] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25244 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=807284909c515f1b8b8d86fc8693eb7f32e1b10ab7e2f0c5fd62b520a0ffdb00&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T115934Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:59:34.966] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:34.966] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:34.967] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:34.967] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:34.967] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:34.967] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:35.153] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281574967, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50524, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6328550763870058, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:35.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:35.153] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:35.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:35.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:38.078] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24162 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115937Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=1d64afe933db498cc9d99801b67101e48370d9f4f9d244c44ea7d59a4ad7a848"} [2025-12-09 19:59:38.078] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:38.078] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:38.078] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:38.078] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:38.078] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:38.079] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:38.265] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281578079, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35730, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7117355304645763, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:38.265] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:38.265] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:38.265] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:38.265] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:41.182] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25245 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115940Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=78b799070799946b6095f7c065d575f5204bd62bb38ef5973b9628cc99de2bbb&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:59:41.182] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:41.182] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:41.182] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:41.182] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:41.182] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:41.182] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:41.369] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281581183, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43414, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.755307526352713, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 19:59:41.369] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:41.369] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:41.369] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:41.369] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:44.297] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24163 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115943Z&X-Amz-Expires=604800&X-Amz-Signature=12635c5d5b68921d237e602f4a3abcf6c238fe8f2eb8f34a9bac472bb12fb29a&X-Amz-SignedHeaders=host"} [2025-12-09 19:59:44.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:44.297] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:44.297] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:44.297] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:44.297] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:44.298] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:44.482] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281584298, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43321, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9995247443306217, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 19:59:44.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:44.482] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:44.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:44.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 19:59:47.400] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24164 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl?X-Amz-Date=20251209T115946Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bd0f2cadafee66d5d687e154107f418d37bc2d39773fa5340b096bb3261a0cfd&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 19:59:47.400] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:47.400] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:47.400] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:47.400] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:47.400] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:47.401] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:47.586] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281587401, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43316, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9979385434135288, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 19:59:47.586] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:47.586] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:47.586] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:47.586] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 19:59:50.503] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24913 key: NULL payload: {"bucket":"2025-12-09","object":"19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-09/19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T115950Z&X-Amz-Signature=67b408c980717f08d3ecd4ba096de4ab8c060e45b30c99342ba0d9a0b3231b90&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 19:59:50.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 19:59:50.503] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 19:59:50.503] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 19:59:50.503] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 19:59:50.503] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 19:59:50.504] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 19:59:50.692] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:19/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281590504, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43317, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9969962816008263, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 19:59:50.693] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 19:59:50.693] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 19:59:50.693] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 19:59:50.693] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:01:56.186] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24165 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=973de6ba66fb322744dcf2ab2fe35cd02ac7a809a4a1ea90a52f9749cf870d96&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120155Z"} [2025-12-09 20:01:56.186] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:01:56.186] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:01:56.186] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:01:56.186] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:01:56.186] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:01:56.187] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:01:56.418] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281716188, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50555, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:01:56.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:01:56.418] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:01:56.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:01:56.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:01:59.294] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24914 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T120158Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2fcf8e6446476e4e68730956b8874a2111aab5b9b67b744f39ad808ccef4afc8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:01:59.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:01:59.294] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:01:59.294] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:01:59.294] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:01:59.295] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:01:59.295] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:01:59.520] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281719295, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53624, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999821698763516, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:01:59.520] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:01:59.520] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:01:59.520] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:01:59.520] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:02.403] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24166 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6a20498d164003ef2acbacbe9502c668573a53f90ca8053f74b1d55ff22d5266&X-Amz-Date=20251209T120201Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:02:02.404] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:02.404] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:02.404] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:02.404] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:02.404] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:02.404] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:02.587] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281722404, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43063, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:02.587] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:02.587] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:02.587] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:02.587] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:05.519] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25246 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl?X-Amz-Signature=cf565c9ee93336577f12b2395d236b620a9e303373fce1ddf7473499b8a280ad&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120205Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:02:05.519] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:05.519] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:05.519] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:05.519] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:05.519] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:05.519] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:05.702] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281725520, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54133, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:02:05.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:05.702] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:05.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:05.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:08.638] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25247 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl?X-Amz-Date=20251209T120208Z&X-Amz-SignedHeaders=host&X-Amz-Signature=29fc1ad8da892bafa01867d99d4d4ab8842be48963d12e9457a6c07086a9b184&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:02:08.638] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:08.638] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:08.638] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:08.638] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:08.638] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:08.638] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:08.826] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281728638, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63350, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:08.826] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:08.826] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:08.826] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:08.826] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:11.751] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24915 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=de5485f04ecef2993cfc6b0f7bf3329dc83ae1f13fa68d5b323187720e7a2f5b&X-Amz-Expires=604800&X-Amz-Date=20251209T120211Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:02:11.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:11.752] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:11.752] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:11.752] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:11.752] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:11.752] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:11.940] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281731752, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11957, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:11.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:11.940] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:11.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:11.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:14.866] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24916 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl?X-Amz-Date=20251209T120214Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cab53bbf4c3b7fbd34232378ea3b6b9c728199f7b986706bf340c1c09fd321e9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:02:14.867] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:14.867] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:14.867] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:14.867] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:14.867] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:14.868] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:15.053] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281734868, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53625, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999752113134179, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:15.053] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:15.053] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:15.053] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:15.053] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:17.979] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24917 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120217Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=c393e263f7d011d28da20bc1c6f496f1d2c0d26ab8f5054ebd29385829a008e8"} [2025-12-09 20:02:17.979] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:17.979] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:17.980] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:17.980] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:17.980] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:17.980] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:18.165] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281737980, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53642, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999904070570224, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:18.165] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:18.165] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:18.165] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:18.165] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:21.099] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25248 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl?X-Amz-Signature=a10751f6f54151b5b1feafbcf76f020bbac04a8d20dac07c97272171cd201d1a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120220Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:02:21.099] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:21.099] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:21.099] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:21.100] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:21.100] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:21.100] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:21.283] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281741100, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43061, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:21.283] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:21.283] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:21.283] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:21.283] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:24.218] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24918 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=e1087f9f69a5bea41431333aba8fe5b4124c94a7e38bbbb71992eb280dd77c50&X-Amz-Date=20251209T120223Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:02:24.218] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:24.218] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:24.218] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:24.218] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:24.218] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:24.219] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:24.407] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281744220, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53560, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999885275321531, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:24.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:24.407] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:24.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:24.407] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:27.327] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24919 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=3a5909303e02f31f19c600b13a7a98e6692d382e984d11b459666445f5431b18&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120226Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:02:27.327] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:27.327] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:27.327] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:27.327] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:27.327] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:27.327] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:27.523] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281747327, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54129, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:27.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:27.523] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:27.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:27.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:30.435] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25249 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl?X-Amz-Signature=ff755ee9b7e48a0b50fe868a01fef8370ee14003f2554f1e4fdfcb3050e48626&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120229Z"} [2025-12-09 20:02:30.435] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:30.435] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:30.436] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:30.436] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:30.436] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:30.436] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:30.655] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281750437, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36457, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:02:30.655] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:30.655] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:30.655] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:30.655] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:33.543] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24920 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120233Z&X-Amz-Signature=c46b22e2f19b780221411a909feac0a122a04b7f2c61c75499ec0184fb12b298&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:02:33.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:33.544] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:33.544] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:33.544] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:33.544] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:33.545] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:33.740] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281753545, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36453, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:33.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:33.740] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:33.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:33.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:36.655] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24167 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl?X-Amz-Date=20251209T120236Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=6d034a4a5c8da97c45ddf8bdcd1badf85a013f0ad07a96732504d3602a5279e7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:02:36.656] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:36.656] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:36.656] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:36.656] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:36.656] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:36.656] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:36.839] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281756656, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36455, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:02:36.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:36.839] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:36.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:36.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:39.773] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24168 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl?X-Amz-Signature=f81fbb64ca0d763e43899d7b6146c95569be9c2575958468648001603d91b4e6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120239Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:02:39.773] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:39.773] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:39.774] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:39.774] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:39.774] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:39.774] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:39.957] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281759774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54138, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:39.957] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:39.957] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:39.957] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:39.957] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:42.889] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24921 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120242Z&X-Amz-Signature=6a1b4c68c2efe4c0f4842a1e192cbf885979238c22b70397a467c0bbf4f18631"} [2025-12-09 20:02:42.890] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:42.890] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:42.890] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:42.890] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:42.890] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:42.890] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:43.073] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281762890, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54130, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:02:43.073] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:43.073] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:43.073] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:43.073] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:45.992] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25250 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl?X-Amz-Date=20251209T120245Z&X-Amz-Signature=f7ac86ff6ea51f231990d6b02b36c218b5a6699932f92787dfd3e4026c25ec20&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:02:45.992] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:45.992] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:45.992] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:45.992] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:45.992] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:45.993] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:46.177] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281765994, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54131, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:46.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:46.177] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:46.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:46.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:49.107] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25251 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl?X-Amz-Date=20251209T120248Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5ae7e4b3ef5676659d7037f4da9d8dff0f3eea59280273cd4764d5cc02772657"} [2025-12-09 20:02:49.107] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:49.107] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:49.107] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:49.107] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:49.107] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:49.107] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:49.291] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281769107, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36454, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:02:49.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:49.291] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:49.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:49.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:52.221] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24922 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=85d11cbdfe65efbbb0de87e619606de8ddc6d010145fd339609979b2bf882dcb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120251Z"} [2025-12-09 20:02:52.221] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:52.221] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:52.221] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:52.222] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:52.222] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:52.222] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:52.405] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281772222, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36456, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:52.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:52.405] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:52.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:52.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:02:55.336] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24169 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl?X-Amz-Date=20251209T120254Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=fe0db617aec57d37237192027e088868ab9b2e9039896cceaebde9818ca88976&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:02:55.336] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:55.336] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:55.336] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:55.336] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:55.336] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:55.337] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:55.521] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281775337, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54136, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:02:55.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:55.521] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:55.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:55.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:02:58.452] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25252 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120257Z&X-Amz-Expires=604800&X-Amz-Signature=57c9c5686987d717721bbf0576f3606352c01dd54bde38e2cde535a8e91b0c52&X-Amz-SignedHeaders=host"} [2025-12-09 20:02:58.453] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:02:58.453] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:02:58.453] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:02:58.453] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:02:58.453] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:02:58.454] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:02:58.637] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281778454, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13173, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:02:58.637] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:02:58.637] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:02:58.637] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:02:58.637] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:01.583] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24923 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl?X-Amz-Date=20251209T120301Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=ca345ab88f8e91cd21fbf30fd997c418c0441c81f2e5b60cf1d5aa1e4c5a4a27"} [2025-12-09 20:03:01.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:01.583] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:01.583] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:01.583] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:01.583] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:01.584] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:01.800] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281781584, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53641, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999927073155073, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:01.800] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:01.800] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:01.800] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:01.800] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:04.702] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24170 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T120304Z&X-Amz-Signature=fe0f08a85ff31b010bb1f7ebe38161aaef75245eba5ec8b801e5e766d4d85ee2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:03:04.703] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:04.703] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:04.703] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:04.703] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:04.703] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:04.703] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:04.887] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281784703, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54134, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:04.887] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:04.887] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:04.887] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:04.887] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:07.816] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24171 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl?X-Amz-Signature=0be95046c1dd7685e28991163030c0490e4aa3243e2cd573580b4497fde7a6c4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120307Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:03:07.816] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:07.816] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:07.816] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:07.816] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:07.816] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:07.816] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:08.000] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281787817, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54137, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:03:08.000] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:08.000] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:08.000] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:08.000] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:10.919] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24924 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl?X-Amz-Signature=b88a4ad375687e0c5d2041b22f90a9a90e443bbe93ca7d93e236358c651e1711&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120310Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:03:10.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:10.919] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:10.919] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:10.919] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:10.919] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:10.920] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:11.103] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281790920, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54139, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:11.103] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:11.103] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:11.103] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:11.103] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:14.026] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25253 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120313Z&X-Amz-SignedHeaders=host&X-Amz-Signature=cfa08cedeb63c81798078f221dfe9977d717c7b9b62f844fbd6027bfce19f8b1"} [2025-12-09 20:03:14.026] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:14.026] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:14.026] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:14.026] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:14.026] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:14.027] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:14.210] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281794027, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63360, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:14.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:14.210] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:14.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:14.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:17.134] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24925 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl?X-Amz-Date=20251209T120316Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=17200c49a694f7960a1b21b932ffbce911be87f46759b1dfb899eaf98bd14aa3&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:03:17.134] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:17.134] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:17.134] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:17.134] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:17.134] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:17.135] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:17.318] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281797135, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55521, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:17.318] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:17.318] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:17.318] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:17.318] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:20.236] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24172 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0792871108bc4758f0e0e55ffb252dde8c3fa26991f76ec1e062a18c3be370b0&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120319Z"} [2025-12-09 20:03:20.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:20.236] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:20.237] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:20.237] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:20.237] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:20.237] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:20.421] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281800237, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50573, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:20.421] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:20.421] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:20.421] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:20.421] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:23.347] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24926 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120322Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6c0bd876e206a95526dc7715b56b063d672515bdf2677994896927dc5ffbf456&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:03:23.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:23.347] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:23.347] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:23.347] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:23.347] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:23.348] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:23.527] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281803348, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54127, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:23.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:23.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:23.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:23.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:26.459] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25254 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl?X-Amz-Date=20251209T120325Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=095dc121fb46d87db752cd4ffa56e6ee881406000fd286eb93f3e19fd7eac671"} [2025-12-09 20:03:26.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:26.459] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:26.459] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:26.459] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:26.459] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:26.460] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:26.647] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281806460, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62816, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:26.647] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:26.647] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:26.647] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:26.647] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:29.577] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24173 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=592bde204cfa2ae900d16107b0e2524861cf376c8b4aaaa717fdb0696269553b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120329Z"} [2025-12-09 20:03:29.577] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:29.577] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:29.577] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:29.577] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:29.577] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:29.578] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:29.763] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281809578, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61698, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:29.763] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:29.763] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:29.763] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:29.763] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:32.697] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24927 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ff7e65c6ea9fdd15e60e7f87859946646aef1a79c881a025fd48148c8cebc5d6&X-Amz-Date=20251209T120332Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:03:32.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:32.697] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:32.697] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:32.697] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:32.697] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:32.698] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:32.916] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281812698, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 21148, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999845902304513, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:03:32.916] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:32.916] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:32.916] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:32.916] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:35.809] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24928 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T120335Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=57f57acee56e5e06a97e3f3754052ba6be2a65e1a3fef11c66d63d0a1b75c92c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:03:35.809] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:35.809] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:35.810] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:35.810] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:35.810] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:35.810] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:35.996] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281815811, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 21138, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999965685950969, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:03:35.996] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:35.996] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:35.996] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:35.996] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:38.929] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25255 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120338Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6a7e5bcf113a9f239f044fc719626c56b52d54fa2496cefe76f5f9040f2c6583"} [2025-12-09 20:03:38.929] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:38.929] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:38.929] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:38.929] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:38.929] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:38.930] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:39.115] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281818930, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40629, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999965050562283, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:03:39.115] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:39.115] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:39.115] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:39.115] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:42.045] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24929 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120341Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=60ca739b1c7f8959fa1488929e54d5b28acee46f802d6d711115b2d24f47c65b&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:03:42.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:42.045] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:42.046] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:42.046] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:42.046] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:42.047] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:42.232] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281822047, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40631, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999506455301298, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:42.232] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:42.232] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:42.232] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:42.232] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:45.155] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25256 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120344Z&X-Amz-Signature=6aa884c5b1544f2302d33dc89f3960af9e9aa8d08b6388a51d599ceaec1ffd10&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:03:45.155] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:45.155] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:45.155] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:45.155] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:45.155] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:45.156] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:45.339] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281825156, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63344, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:45.339] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:45.339] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:45.339] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:45.339] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:48.269] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24174 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T120347Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6084f3a78faef62983c85cb75064054e01440a8f36965e925ae5e3901cf5dad1"} [2025-12-09 20:03:48.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:48.269] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:48.270] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:48.270] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:48.270] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:48.270] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:48.454] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281828270, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:48.454] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:48.454] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:48.454] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:48.454] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:51.396] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24175 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl?X-Amz-Signature=503cb03b8b01a04b90f848722488bbad308694785c87dedce53aa7248750f68d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T120350Z"} [2025-12-09 20:03:51.397] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:51.397] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:51.397] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:51.397] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:51.397] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:51.397] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:51.580] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281831397, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62800, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:03:51.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:51.580] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:51.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:51.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:03:54.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24930 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl?X-Amz-Date=20251209T120354Z&X-Amz-Signature=1941726a3f4a0fe77f4c16aafb07b0202bdcc6989ed9a68ba3fefd234bf20ed0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:03:54.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:54.510] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:54.511] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:54.511] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:54.511] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:54.512] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:54.699] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281834512, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11671, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9998645525083372, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:03:54.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:54.699] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:54.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:54.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:03:57.631] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24931 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120357Z&X-Amz-Signature=6ee6f152ebea8cf1e641adb921cb8a835c95edebb3b853803611d799e39f19a4&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:03:57.632] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:03:57.632] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:03:57.632] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:03:57.632] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:03:57.632] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:03:57.632] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:03:57.822] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281837632, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40628, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9996947990433751, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:03:57.822] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:03:57.822] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:03:57.822] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:03:57.822] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:00.749] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24176 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120400Z&X-Amz-Expires=604800&X-Amz-Signature=e2c7243c5af3c35d1dc3c8a89b5b9f8368f3a7b476929d829059b5b067e2f0cc"} [2025-12-09 20:04:00.749] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:00.750] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:00.750] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:00.750] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:00.750] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:00.750] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:00.933] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281840750, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55530, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:00.933] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:00.933] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:00.933] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:00.933] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:03.851] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24932 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120403Z&X-Amz-SignedHeaders=host&X-Amz-Signature=96f8de9ee81b328f531d4a49236fb8bc484a7cd478311c91689f93f22b3587c5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:04:03.851] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:03.851] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:03.852] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:03.852] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:03.852] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:03.852] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:04.035] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281843852, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55491, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:04.035] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:04.035] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:04.035] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:04.035] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:06.964] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24177 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=32bee57dd0a4d85a313385ef3de5338f2d9bb7adff924803027b56130338963d&X-Amz-Date=20251209T120406Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:04:06.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:06.964] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:06.964] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:06.964] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:06.964] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:06.965] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:07.181] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281846965, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50552, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:07.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:07.182] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:07.182] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:07.182] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:10.072] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24178 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=515b572b56663729875d2416e28202b69bc83d99810ee6976bab880dc31d2e3f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120409Z"} [2025-12-09 20:04:10.073] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:10.073] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:10.073] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:10.073] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:10.073] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:10.074] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:10.258] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281850074, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55495, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:10.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:10.258] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:10.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:10.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:13.182] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25257 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120412Z&X-Amz-Signature=1021ef0bc32b70191f2d34c47c81108d370b007eaf8631e23832057e03eb1643&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:04:13.183] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:13.183] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:13.183] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:13.183] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:13.183] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:13.183] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:13.366] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281853183, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55543, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:13.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:13.366] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:13.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:13.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:16.305] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25258 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120415Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=dffc68a1e8a1297c80d0c12242cb57a1c331efd447419d47f565dfe1e4afa798&X-Amz-SignedHeaders=host"} [2025-12-09 20:04:16.305] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:16.305] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:16.305] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:16.305] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:16.305] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:16.306] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:16.491] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281856306, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 40790, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999915946036992, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:04:16.491] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:16.491] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:16.491] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:16.491] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:19.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25259 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120418Z&X-Amz-Signature=02b99a6e1b893e9cda1f56993ad8310ef39cc31733938244e9715ee2cb8f69ad&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:04:19.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:19.420] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:19.420] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:19.420] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:19.420] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:19.421] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:19.617] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281859421, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12256, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999894442529297, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:04:19.617] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:19.617] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:19.617] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:19.617] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:22.546] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25260 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120422Z&X-Amz-Signature=31aa74120af10f044ebedbc1f8f2fef59c7835003b78f8b36907bd4eb9008b58"} [2025-12-09 20:04:22.546] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:22.546] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:22.546] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:22.546] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:22.546] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:22.547] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:22.734] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281862547, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42268, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9992458167925284, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:04:22.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:22.734] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:22.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:22.734] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:25.667] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24179 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl?X-Amz-Signature=4e9ad3c8d11103d32b478fdadde7e2b7ed03a3da10998021bd65a2ece07ff81a&X-Amz-Date=20251209T120425Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:04:25.667] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:25.667] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:25.667] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:25.667] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:25.667] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:25.668] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:25.853] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281865668, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52972, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999827732972721, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:25.853] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:25.853] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:25.853] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:25.853] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:28.778] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24180 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=05288e8ab87712d1d7f2cbcfd94b1de17789062ec8e88dcdc10cbcfc60c268ce&X-Amz-Date=20251209T120428Z"} [2025-12-09 20:04:28.779] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:28.779] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:28.779] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:28.779] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:28.779] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:28.779] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:28.964] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281868779, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50450, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9966468616913028, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:04:28.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:28.964] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:28.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:28.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:31.882] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25261 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=d58836b8efa9663d22f6aedfc0b42c2461c1d67afc8dea264823753583746019&X-Amz-Date=20251209T120431Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:04:31.882] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:31.882] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:31.882] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:31.882] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:31.882] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:31.883] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:32.068] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281871883, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42100, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999799070167682, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:04:32.068] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:32.068] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:32.068] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:32.068] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:34.992] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25262 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120434Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=157f4363accba3c7ced97d03ebe1f83aeb11f4288069c8c2acf145961688a1c5&X-Amz-Expires=604800"} [2025-12-09 20:04:34.992] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:34.992] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:34.992] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:34.992] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:34.992] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:34.993] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:35.177] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281874993, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52799, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999985053539937, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:04:35.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:35.177] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:35.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:35.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:38.108] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25263 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl?X-Amz-Expires=604800&X-Amz-Signature=b50f90aa5be159769a74e63c4f47a1192a046c12d85ce997adf32353642bf981&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120437Z"} [2025-12-09 20:04:38.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:38.109] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:38.109] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:38.109] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:38.109] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:38.109] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:38.294] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281878109, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50131, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9993986883604957, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:38.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:38.294] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:38.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:38.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:41.225] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24181 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl?X-Amz-Signature=b651ca6a34a036e19b77085d311098c4bcb1272df105856edb2104d1a39262c2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120440Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:04:41.225] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:41.225] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:41.225] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:41.225] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:41.225] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:41.226] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:41.409] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281881226, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13322, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:41.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:41.409] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:41.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:41.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:44.338] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24933 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl?X-Amz-Signature=d14f78a1ba2569114b266b3f006af8aa72921f6a260dc10f3fe3275d192a1814&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120443Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:04:44.338] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:44.338] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:44.338] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:44.338] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:44.338] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:44.338] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:44.523] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281884338, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53311, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999999251911683, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:44.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:44.523] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:44.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:44.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:47.442] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25264 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a667987d18733644c44b8edbccfe3fbd1917adac52edfc374a497f9c298ded82&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120446Z"} [2025-12-09 20:04:47.442] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:47.442] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:47.443] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:47.443] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:47.443] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:47.443] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:47.629] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281887443, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44854, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8649753129761104, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:47.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:47.629] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:47.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:47.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:50.545] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25265 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl?X-Amz-Expires=604800&X-Amz-Signature=6bdc43e636edb8a68c2764898fca20543dfc4ef876819bfa897651869151100a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120450Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:04:50.546] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:50.546] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:50.546] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:50.546] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:50.546] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:50.546] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:50.732] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281890546, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44892, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8347860719091235, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:50.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:50.732] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:50.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:50.732] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:53.663] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24182 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl?X-Amz-Expires=604800&X-Amz-Signature=aeaa01de4e15315431921dae6c4641cd5e9177297164d35136ffaed4d1c59515&X-Amz-Date=20251209T120453Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:04:53.663] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:53.663] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:53.663] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:53.663] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:53.663] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:53.663] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:53.849] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281893663, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44916, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7820979762504217, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:53.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:53.849] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:53.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:53.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:04:56.765] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24934 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120456Z&X-Amz-Signature=1a55410233d69a0f692d7707e18ffe2e8021f9051aabab0a9eded70d09c4df6e&X-Amz-SignedHeaders=host"} [2025-12-09 20:04:56.765] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:56.765] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:56.766] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:56.766] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:56.766] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:56.766] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:04:56.983] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281896766, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49246, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9788907865142036, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:04:56.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:04:56.983] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:04:56.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:04:56.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:04:59.879] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25266 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=44860719e4671b0cd3b8d85385dc7c07bdd4d892cafe060402d26c93909e1e07&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120459Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:04:59.879] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:04:59.879] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:04:59.879] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:04:59.880] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:04:59.880] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:04:59.880] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:00.066] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281899880, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53340, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8829184175754848, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:00.066] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:00.066] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:00.066] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:00.066] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:02.991] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25267 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl?X-Amz-Signature=248b48ce5ce74b0e2d4c9bcba55a0308136d64b50da4fe847d13bd3d905dda2f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120502Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:05:02.991] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:02.991] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:02.991] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:02.991] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:02.991] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:02.992] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:03.175] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281902992, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54125, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:03.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:03.175] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:03.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:03.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:06.103] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24183 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ff0e4d566d72c9a35bebda1f8193cf1ea3cf2ac2138388ed099feb21deb54c23&X-Amz-Date=20251209T120505Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:05:06.103] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:06.103] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:06.103] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:06.103] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:06.104] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:06.104] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:06.287] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281906104, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54126, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:05:06.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:06.287] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:06.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:06.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:09.212] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25268 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl?X-Amz-Signature=8ee4ec94478f7de25f5170e479fdbdbc658802f511ef46cc4fced2b1d3f021e9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120508Z"} [2025-12-09 20:05:09.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:09.212] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:09.212] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:09.212] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:09.212] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:09.213] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:09.397] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281909213, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54128, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:09.397] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:09.397] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:09.397] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:09.397] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:12.323] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24184 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl?X-Amz-Signature=12893d57683b07edbbf4998d6108b550538ea0443ace98d16ce28a0835a86544&X-Amz-Date=20251209T120511Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:05:12.324] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:12.324] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:12.324] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:12.324] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:12.324] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:12.324] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:12.510] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281912324, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42267, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999935017400218, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:05:12.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:12.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:12.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:12.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:15.444] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24935 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2cdf0933ce9121747f85eb8f7f53e5956e7367ef7fe1b5d9e46176e13587e35b&X-Amz-Date=20251209T120514Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:05:15.445] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:15.445] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:15.445] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:15.445] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:15.445] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:15.446] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:15.632] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281915446, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55600, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999783355112218, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:15.632] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:15.632] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:15.632] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:15.632] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:18.564] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24185 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl?X-Amz-Date=20251209T120517Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=acf29f1c6072550a6d9ac25cbf15ededb277a9fe512d774a8eeb278ac41574d1&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:05:18.564] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:18.564] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:18.564] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:18.564] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:18.564] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:18.565] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:18.747] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281918565, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42274, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998794249838118, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:05:18.747] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:18.747] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:18.747] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:18.747] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:21.681] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25269 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=927a45b8550dc3498f04ed8a4f306c8378b3d3a5aa8c37b6ddf1cb7c5ee7c785&X-Amz-Date=20251209T120521Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:05:21.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:21.681] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:21.681] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:21.681] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:21.681] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:21.682] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:21.868] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281921682, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42263, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999846512099934, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:05:21.868] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:21.868] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:21.868] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:21.868] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:24.796] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24186 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1c4827fcd8b1199d86fbc7391456ce8dff7c3124b276c2737ba815fb2a62a86a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120524Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:05:24.797] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:24.797] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:24.797] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:24.797] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:24.797] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:24.797] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:24.983] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281924797, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50128, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9934623185581525, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:24.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:24.983] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:24.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:24.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:27.909] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24187 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=dc3c37e55027e33d97fd31b4ed03b133aefb556bd32e1d3dcf803abebf1f64d4&X-Amz-Date=20251209T120527Z"} [2025-12-09 20:05:27.909] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:27.909] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:27.909] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:27.909] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:27.910] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:27.910] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:28.130] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281927910, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50134, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9891992744984781, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:28.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:28.130] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:28.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:28.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:31.024] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24188 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120530Z&X-Amz-Signature=c361d5d75e53fb3beadb11036c804a41af73ac0cd1dedf212e8bce9532591346"} [2025-12-09 20:05:31.024] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:31.024] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:31.024] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:31.024] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:31.024] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:31.025] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:31.214] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281931025, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42110, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999717344853102, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:05:31.214] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:31.214] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:31.214] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:31.214] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:34.128] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24936 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl?X-Amz-Date=20251209T120533Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4f95d6b77aaf0753b1edd5520c806f4aa0793b2b9575cfbf5624cc716e91bc96&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:05:34.128] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:34.128] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:34.128] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:34.128] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:34.128] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:34.129] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:34.314] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281934129, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42283, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998899935895023, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:05:34.314] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:34.314] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:34.314] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:34.314] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:37.236] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24937 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl?X-Amz-Signature=e77d17db6fb78b144124c6cd5657d988bfdcb454401ac7552bf0e6d161d9b91c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120536Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:05:37.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:37.236] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:37.236] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:37.236] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:37.236] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:37.237] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:37.420] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281937237, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53138, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999997045117193, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:05:37.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:37.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:37.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:37.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:40.355] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24189 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120539Z&X-Amz-Expires=604800&X-Amz-Signature=eabd87279ea6f4d2ae9fd43141b3c758cc283811f3472232a3caae695b507c11&X-Amz-SignedHeaders=host"} [2025-12-09 20:05:40.355] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:40.355] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:40.355] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:40.355] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:40.355] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:40.356] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:40.540] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281940356, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50125, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9902112973095163, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:40.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:40.540] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:40.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:40.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:43.460] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25270 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl?X-Amz-Signature=8ed1ce3dabeafac82eec33d076543966da09349eab4bcfa6d1b95d3c6b9aefa2&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120542Z&X-Amz-Expires=604800"} [2025-12-09 20:05:43.460] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:43.460] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:43.460] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:43.460] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:43.460] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:43.461] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:43.646] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281943461, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50127, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9947485815446498, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:43.646] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:43.646] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:43.646] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:43.646] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:46.569] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25271 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=ec12296e4a6e97269b7a512f4c2c455c4c5a49ddabad0ffce40bf7af26d2eb5c&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120546Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:05:46.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:46.569] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:46.569] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:46.569] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:46.569] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:46.570] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:46.753] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281946570, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 58172, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:46.753] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:46.753] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:46.753] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:46.753] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:49.685] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24938 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120549Z&X-Amz-Signature=b7a14de5e0dbf6f3f24f64435466c86485bc5fd602956b6c5ad0eb09e456c7c4"} [2025-12-09 20:05:49.685] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:49.685] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:49.686] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:49.872] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281949686, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54386, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8545308495946718, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:49.873] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:49.873] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:49.873] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:49.873] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:52.790] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25272 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl?X-Amz-Date=20251209T120552Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1a59153b3276e3490986a3e86299d2b85a39c8fb0a4ff0511d4220354ee9f1d7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:05:52.790] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:52.790] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:52.790] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:52.790] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:52.790] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:52.790] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:52.977] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281952790, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51500, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7652886925783811, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:52.977] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:52.977] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:52.977] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:52.977] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:05:55.892] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25273 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120555Z&X-Amz-Expires=604800&X-Amz-Signature=74f951bcdd23b862ffd0e6813781809f7190da28faba9fcea4a738b401fa8e5d&X-Amz-SignedHeaders=host"} [2025-12-09 20:05:55.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:55.893] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:55.893] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:55.893] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:55.893] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:55.893] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:56.079] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281955893, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44042, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6791167796113271, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:56.079] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:56.079] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:56.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:56.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:05:59.011] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24939 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120558Z&X-Amz-Signature=7ffa9c7e3e5df5663bd11529113c2798e1c720cca8221e7439c88234c5cb4c65"} [2025-12-09 20:05:59.011] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:05:59.011] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:05:59.011] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:05:59.011] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:05:59.011] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:05:59.012] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:05:59.198] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281959012, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58174, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313231847218452, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:05:59.198] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:05:59.198] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:05:59.198] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:05:59.198] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:02.128] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24940 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120601Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=15100680bca838b5145a2ff15a5458cebb5eade74ac4c2b7c2a85ca7f2134763"} [2025-12-09 20:06:02.128] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:02.128] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:02.128] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:02.128] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:02.128] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:02.129] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:02.349] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281962129, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33074, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5467283177738326, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:02.349] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:02.349] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:02.349] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:02.349] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:05.240] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24941 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=eba9aa07d134aec9717b81ebafde0db28447474edb2183d604a1268f321b15f9&X-Amz-Date=20251209T120604Z&X-Amz-Expires=604800"} [2025-12-09 20:06:05.240] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:05.240] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:05.240] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:05.240] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:05.240] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:05.241] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:05.425] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281965241, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36992, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7173125752864901, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:05.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:05.425] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:05.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:05.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:08.357] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24190 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120607Z&X-Amz-Signature=fec8988de30e2c1d12b8674c77178b7e419e596b7d2fc31f58b78dce37fe4bb8&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:06:08.357] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:08.357] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:08.357] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:08.357] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:08.357] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:08.358] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:08.544] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281968358, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35960, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5298220609605865, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:08.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:08.544] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:08.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:08.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:11.468] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25274 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120610Z&X-Amz-Signature=5966b4e565684c175998081e407f0f15d9db36ef7c49726d67af50001b83ad6d"} [2025-12-09 20:06:11.468] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:11.468] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:11.468] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:11.468] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:11.468] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:11.469] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:11.654] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281971469, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42096, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9990680748971026, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:06:11.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:11.654] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:11.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:11.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:14.580] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24942 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl?X-Amz-Expires=604800&X-Amz-Signature=13ff7e435010440561e8d17419a6afabbd20aebdcd985ccaf107d6147231c795&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120614Z"} [2025-12-09 20:06:14.581] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:14.581] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:14.581] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:14.581] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:14.581] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:14.581] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:14.766] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281974581, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50130, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9610371025904593, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:14.766] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:14.766] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:14.766] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:14.766] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:17.701] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24191 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120617Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8221be9098bdc7ed1ab28c1f194d6f4eecaecf4119dca98549ab5bf7703a6cdd&X-Amz-Expires=604800"} [2025-12-09 20:06:17.701] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:17.701] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:17.701] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:17.701] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:17.701] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:17.702] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:17.887] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl|result:{"code": 1, "total_count": 1, 
"alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281977702, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9411154499532502, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:17.887] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:17.887] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:17.887] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:17.887] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:20.815] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24192 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120620Z&X-Amz-Expires=604800&X-Amz-Signature=df3fc277a44237d656d4feaabeffff43406762a2c8c5d66bde56d2c373146f0f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:06:20.815] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:20.815] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:20.815] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:20.815] [INFO] 
[tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:20.815] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:20.816] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:21.003] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281980816, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9411154499532502, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:21.003] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:21.003] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:21.003] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:21.003] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:23.933] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25275 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120623Z&X-Amz-Signature=b0fa76e225febeaa924f3fe0c58c35faf3bc7c2ef87655ecf06cf83798128305"} [2025-12-09 20:06:23.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:23.934] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:23.934] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:23.934] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:23.934] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:23.934] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:24.118] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281983934, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50123, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9737056284005778, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:24.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:24.118] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:24.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:24.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:27.047] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25276 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl?X-Amz-Signature=c3e36a9c8dd6472223e5c734b07a024352142a7421b5f11d2edca2e86d7c1c9f&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120626Z"} [2025-12-09 20:06:27.048] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:27.048] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:27.048] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:27.048] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:27.048] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:27.048] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:27.234] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281987048, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50124, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9878386178448167, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:27.234] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:27.234] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:27.234] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:27.234] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:30.160] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24193 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=fc22561e87edcba0deb9bfe9d64cc764dfdb4082edb39721f10821fdcb09b601&X-Amz-Date=20251209T120629Z&X-Amz-Expires=604800"} [2025-12-09 20:06:30.160] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:30.160] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:30.160] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:30.160] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:30.160] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:30.161] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:30.346] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281990161, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50129, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.983151851486558, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:30.346] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:30.346] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:30.346] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:30.346] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:33.280] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24194 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120632Z&X-Amz-Signature=050bcc1f8923eb31e361c14ad2929881c652bc0ab96b9858ea8827bdfe04ade2&X-Amz-SignedHeaders=host"} [2025-12-09 20:06:33.280] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:33.280] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:33.280] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:33.280] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:33.280] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:33.281] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:33.472] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281993281, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50132, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.937681800988194, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:33.472] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:33.472] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:33.472] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:33.472] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:36.395] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25277 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl?X-Amz-Signature=a4e0f7867d44dd3f636adfd6684b2dbb778edc2b84869bef0ffdb9f0f3ff2327&X-Amz-Date=20251209T120635Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:06:36.395] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:36.395] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:36.395] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:36.395] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:36.395] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:36.396] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:36.581] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281996396, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50135, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9780476306840957, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:36.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:36.582] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:36.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:36.582] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:39.519] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25278 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl?X-Amz-Signature=a4e7af1ef328fccce38ca88b6282795353c33393aaf37c13515d92afb12f1f8e&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120639Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:06:39.519] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:39.519] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:39.519] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:39.519] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:39.519] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:39.519] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:39.705] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765281999520, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50137, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9813952725009292, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:39.705] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:39.705] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:39.705] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:39.705] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:42.623] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25279 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=eeec652185033bc4cb6a46d1ff253e3cb0ed03522cda9ebc8cc0896cc8c72279&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120642Z&X-Amz-Expires=604800"} [2025-12-09 20:06:42.623] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:42.623] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:42.623] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:42.623] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:42.623] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:42.624] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:42.811] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282002625, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42111, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999394841464235, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:06:42.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:42.811] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:42.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:42.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:45.737] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24195 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120645Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=94f685ecf44ac20fe437cdafc3ee1637678aa72b5511ae8366b229ff3b234088&X-Amz-SignedHeaders=host"} [2025-12-09 20:06:45.737] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:45.737] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:45.737] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:45.738] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:45.956] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282005738, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50459, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9417957198933872, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:45.956] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:45.956] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:45.956] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:45.956] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:48.868] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25280 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e91fed883e8f36ce6dbdc44ba6f36959b685ca88e1603ab369977625bd5c7f60&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120648Z&X-Amz-Expires=604800"} [2025-12-09 20:06:48.868] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:48.868] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:48.868] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:48.868] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:48.868] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:48.869] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:49.054] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282008869, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42108, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998455172353017, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:06:49.054] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:49.054] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:49.054] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:49.054] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:51.971] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24196 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl?X-Amz-Date=20251209T120651Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=529241a0a1ccec612b3607e6ca86dabd5a87938e6ed25e33263107ae2c2cd183"} [2025-12-09 20:06:51.971] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:51.971] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:51.971] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:51.971] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:51.971] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:51.972] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:52.158] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282011972, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42280, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999636535382094, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:06:52.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:52.158] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:52.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:52.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:06:55.075] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24943 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl?X-Amz-Date=20251209T120654Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=060e6185bc972bb135ee811edb6dd507b8a6dbd4962c92c37686af3388657684&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:06:55.075] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:55.075] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:55.075] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:55.075] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:55.075] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:55.076] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:55.260] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282015076, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50126, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9886484413236557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:55.260] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:55.260] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:55.260] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:55.260] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:06:58.192] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24944 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b6aa26737042268146281a1bf5ce1b3e5fd4f55ef85ca332e81385a20f302581&X-Amz-Date=20251209T120657Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:06:58.192] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:06:58.193] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:06:58.193] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:06:58.193] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:06:58.193] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:06:58.193] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:06:58.379] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282018193, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.96622869987999, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:06:58.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:06:58.379] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:06:58.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:06:58.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:01.315] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25281 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ec6bf7272772c3eb9733ea74e3f5d13ded0053afdf416d83b1971e70923938c5&X-Amz-Date=20251209T120700Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:07:01.316] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:01.316] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:01.316] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:01.316] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:01.316] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:01.317] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:01.503] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282021317, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41528, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999877296867019, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:07:01.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:01.503] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:01.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:01.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:04.430] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25282 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=bc612a4042e089c0f928ddfdb5d6cf93eb71aa7b6d44b3e0dba57f8f321d7646&X-Amz-Expires=604800&X-Amz-Date=20251209T120703Z"} [2025-12-09 20:07:04.430] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:04.430] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:04.430] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:04.430] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:04.430] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:04.431] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:04.616] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282024431, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41852, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999583979411051, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:07:04.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:04.616] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:04.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:04.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:07.557] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25283 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=616c9e56addc8fce0ec0904f91a6ae35d1dd9f586c049196dbc56d5db8fb61df&X-Amz-Date=20251209T120707Z"} [2025-12-09 20:07:07.557] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:07.557] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:07.557] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:07.557] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:07.557] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:07.558] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:07.744] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282027558, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41520, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998931424503055, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:07:07.744] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:07.744] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:07.744] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:07.744] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:10.680] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25284 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120710Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3629972e30b7f19562ec60704367c1c9276d0f289ac9895a8292de1abf5a4e52&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:07:10.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:10.681] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:10.681] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:10.681] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:10.681] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:10.682] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:10.877] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282030682, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50446, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6207118035310338, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:07:10.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:10.878] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:10.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:10.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:13.798] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24197 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c6bbb59649371df9fc59db81c21472b3d9f876ffcc9f96f1c3bc999201529c4b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120713Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:07:13.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:13.798] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:13.798] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:13.798] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:13.798] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:13.799] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:13.987] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282033799, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9908266930075992, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:13.987] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:13.987] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:13.987] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:13.987] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:16.912] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25285 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=70592d828c37a9011671a8bd7c360d21b9eb7d8018bb573487116d867941caba&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120716Z"} [2025-12-09 20:07:16.913] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:16.913] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:16.913] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:16.913] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:16.913] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:16.913] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:17.098] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282036913, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9885446014610835, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:17.098] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:17.098] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:17.098] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:17.098] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:20.028] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24945 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl?X-Amz-Expires=604800&X-Amz-Signature=81eda99e499189f6a60ec71b5a6fdaa9cceeca527e3c6d0d31511df547358afb&X-Amz-Date=20251209T120719Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:07:20.028] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:20.028] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:20.028] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:20.028] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:20.029] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:20.029] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:20.215] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282040030, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49245, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9911565590263544, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:20.215] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:20.215] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:20.215] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:20.215] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:23.149] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25286 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8c5fd1349032e08b9128ad005a2da3307f19b49ff7f9c331cadc6ccb1d84c728&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120722Z"} [2025-12-09 20:07:23.149] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:23.149] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:23.149] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:23.149] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:23.149] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:23.150] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:23.335] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282043150, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49247, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9880475565625114, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:23.335] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:23.335] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:23.335] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:23.335] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:26.270] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25287 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl?X-Amz-Date=20251209T120725Z&X-Amz-SignedHeaders=host&X-Amz-Signature=39593df7368ab83be212613e9a6d1699bb60a27ead9a61c1e776312afa8316fa&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:07:26.270] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:26.271] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:26.271] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:26.271] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:26.271] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:26.271] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:26.457] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282046271, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50133, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9997844571775872, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:26.457] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:26.457] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:26.457] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:26.457] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:29.374] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24198 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120728Z&X-Amz-Signature=63d660bbc1dd9117cea27ec80e8fc7f85f54dd931e56c3fb16f97776214975c9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:07:29.374] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:29.374] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:29.374] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:29.375] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:29.375] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:29.375] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:29.569] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282049375, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49243, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9833003297276995, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:29.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:29.569] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:29.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:29.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:32.478] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25288 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120731Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6847aff05fba0c99af01dc9767c4d3e1f8b0630ec22f0a7450e8080ed4069c11&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:07:32.478] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:32.478] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:32.478] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:32.478] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:32.478] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:32.479] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:32.667] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282052479, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42099, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999962154174071, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:07:32.667] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:32.667] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:32.667] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:32.667] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:35.595] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24946 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=abb61bcbe4aff6d0e8fd55165a02d905ab5588b64008231e37e8ddacc6da1227&X-Amz-Date=20251209T120735Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:07:35.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:35.595] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:35.595] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:35.596] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:35.596] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:35.596] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:35.781] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282055596, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49240, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9857957295444639, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:35.781] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:35.781] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:35.781] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:35.781] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:38.698] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25289 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=125fb0a776581aeebf3fe9eeef3068cb75ba6afc232fb7a7ac05a41e7df529d1&X-Amz-Expires=604800&X-Amz-Date=20251209T120738Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:07:38.698] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:38.698] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:38.699] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:38.699] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:38.699] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:38.699] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:38.885] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282058699, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9846401513557035, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:38.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:38.885] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:38.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:38.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:41.805] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24199 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120741Z&X-Amz-Signature=acce26f87b7cc8e987e04499b52420107067c076d902b835be64bb2f35a46222&X-Amz-SignedHeaders=host"} [2025-12-09 20:07:41.805] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:41.805] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:41.806] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:41.806] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:41.806] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:41.806] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:41.992] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282061806, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41823, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999537015204459, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:07:41.992] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:41.992] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:41.992] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:41.992] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:44.926] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24947 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl?X-Amz-Signature=fc4f01179e0e8c86132a7370789d9b1c7f84ffbaecbd4a831e5e200446ddf3bb&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120744Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:07:44.926] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:44.926] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:44.926] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:44.926] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:44.926] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:44.927] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:45.113] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282064927, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.997067507502594, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:45.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:45.113] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:45.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:45.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:48.045] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25290 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T120747Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=af880ae28ab12b376c06a7d30f6f7b1667b23a12911e688fa06443117a09ed85"} [2025-12-09 20:07:48.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:48.045] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:48.045] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:48.045] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:48.045] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:48.045] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:48.231] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282068045, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9486643919608937, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:48.231] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:48.231] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:48.231] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:48.231] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:51.165] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24948 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=65715b46a67e9e96c074a39d9832ac1c176782e1f9f315eeb4481eb89f3e0512&X-Amz-Expires=604800&X-Amz-Date=20251209T120750Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:07:51.165] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:51.165] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:51.165] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:51.165] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:51.166] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:51.166] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:51.352] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282071166, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9843356646814752, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:51.352] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:51.352] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:51.352] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:51.352] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:07:54.285] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24949 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=0b1e9521c0414ac6a406b95c21f639816e61acf13deefda96d0e311672d04cf0&X-Amz-Date=20251209T120753Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:07:54.285] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:54.285] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:54.285] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:54.285] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:54.285] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:54.286] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:54.471] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282074286, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9952403705974404, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:54.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:54.471] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:54.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:54.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:07:57.399] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25291 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl?X-Amz-Signature=73c17e19ca89a01d03500812dcd9659a3dc3f99c8275bb58c349dd8a382ad31f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120756Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:07:57.399] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:07:57.399] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:07:57.400] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:07:57.400] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:07:57.400] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:07:57.400] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:07:57.595] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282077400, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49241, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9916490801881285, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:07:57.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:07:57.595] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:07:57.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:07:57.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:00.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24950 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cb999a53f51a19747d2f18b45285a0f9ddf45ba18105cb9e7258793d09a2bc59&X-Amz-Date=20251209T120800Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:08:00.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:00.510] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:00.511] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:00.511] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:00.511] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:00.511] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:00.699] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282080511, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49248, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9771774959854481, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:00.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:00.699] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:00.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:00.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:03.625] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25292 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=56829883d4cfeda2fcc1b47807f61c51a00b2afbf8e35fa2c9849bd140b59fd3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120803Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:08:03.625] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:03.626] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:03.626] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:03.626] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:03.626] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:03.626] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:03.811] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282083626, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50458, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9351269276217935, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:03.812] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:03.812] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:03.812] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:03.812] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:06.731] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24200 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl?X-Amz-Expires=604800&X-Amz-Signature=376828a1fa5fe642a1493d64bfe2983025081e15abe0df8e801ce1fd8dc73d94&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120806Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:08:06.731] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:06.731] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:06.731] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:06.731] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:06.731] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:06.732] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:06.917] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282086732, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50482, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7632523561242499, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:06.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:06.917] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:06.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:06.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:09.849] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24951 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6c177f375674b71e640cf6099b5233d92390a63401c67f2f15ec623c568220d1&X-Amz-Date=20251209T120809Z"} [2025-12-09 20:08:09.849] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:09.849] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:09.850] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:09.850] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:09.850] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:09.850] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:10.036] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282089850, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49239, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9826038775697016, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:10.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:10.036] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:10.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:10.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:12.961] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25293 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl?X-Amz-Signature=3cf5a886881307056ea7cecca467d41090840ff16b11195d287658c3fc575577&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120812Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:08:12.961] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:12.961] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:12.961] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:12.961] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:12.961] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:12.962] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:13.147] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282092962, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8794335776698408, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:13.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:13.147] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:13.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:13.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:16.072] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24201 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120815Z&X-Amz-Expires=604800&X-Amz-Signature=6929a78025e2704f381f7273925cf879a67aa3a793e8f5ab4b22657d41aacf57"} [2025-12-09 20:08:16.073] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:16.073] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:16.073] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:16.073] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:16.073] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:16.073] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:16.258] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282096074, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50449, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6400137191298733, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:16.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:16.258] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:16.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:16.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:19.192] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25294 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl?X-Amz-Signature=497dc954e1bbe9c97d1203d2b800452dcaac5b69a133551328fc9211d1af6540&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120818Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:08:19.192] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:19.192] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:19.192] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:19.192] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:19.192] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:19.193] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:19.382] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282099193, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50473, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8748114553943344, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:19.382] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:19.382] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:19.382] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:19.382] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:22.305] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24952 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl?X-Amz-Date=20251209T120821Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=617dc92ba9d5825c6adf20a94d8b606d3766bcb6f24e1f367d3fe2ff40c54824&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:08:22.305] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:22.305] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:22.305] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:22.305] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:22.305] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:22.306] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:22.493] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282102306, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9875123349483848, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:22.493] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:22.493] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:22.493] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:22.493] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:25.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25295 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120824Z&X-Amz-Signature=bcd39e404ddb87b367e24bbb523bb0ebbee886b8ffb3a67a3721577bd6da16fc"} [2025-12-09 20:08:25.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:25.420] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:25.420] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:25.420] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:25.420] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:25.420] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:25.606] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282105421, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49242, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9929056904995154, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:25.606] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:25.606] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:25.606] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:25.606] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:28.535] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24202 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T120828Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=546094c1e46289258e10aa56d9986250c681a81d3e1fe4d325f2d20633bcbbb3&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:08:28.535] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:28.536] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:28.536] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:28.536] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:28.536] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:28.536] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:28.721] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282108536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50495, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9438502507410287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:28.721] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:28.721] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:28.721] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:28.721] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:31.653] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25296 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl?X-Amz-Date=20251209T120831Z&X-Amz-SignedHeaders=host&X-Amz-Signature=62d91edcfbebccc5122c546b080ce5901f573e25e5824f27b8d174fe26e9fd7b&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:08:31.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:31.654] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:31.654] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:31.654] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:31.654] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:31.654] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:31.840] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282111654, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52985, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999952364900613, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:31.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:31.840] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:31.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:31.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:34.767] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24203 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl?X-Amz-Signature=ee73195eccac1f442081d128c23f4ae756128829f0dbf5eb85053474fa49c477&X-Amz-Expires=604800&X-Amz-Date=20251209T120834Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:08:34.767] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:34.767] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:34.767] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:34.767] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:34.767] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:34.768] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:34.954] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282114769, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.979683017409808, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:34.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:34.954] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:34.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:34.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:37.882] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24204 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120837Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9eb04c6ea48d4715b9ea14ab926dc7cf0158dde0f1bb7d9c99ac84d087e26f77"} [2025-12-09 20:08:37.882] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:37.882] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:37.882] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:37.882] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:37.882] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:37.883] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:38.069] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282117883, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49244, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9965613085791998, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:38.069] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:38.069] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:38.069] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:38.069] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:40.996] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25297 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120840Z&X-Amz-Signature=a20f7cd948f70b2df89db870f50bc62d7db30d6aa74da881df22d2219c547c83&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:08:40.996] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:40.996] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:40.996] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:40.996] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:40.996] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:40.997] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:41.189] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282120998, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41529, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9876990947565499, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:41.189] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:41.189] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:41.189] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:41.189] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:44.113] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24205 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=92013168cda5f27a5ce4b6cbf6024ea338cc54b6a32a6322ff722ab43c00b9ab&X-Amz-Date=20251209T120843Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:08:44.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:44.113] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:44.113] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:44.113] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:44.113] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:44.114] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:44.297] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282124114, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61661, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:08:44.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:44.297] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:44.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:44.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:47.229] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24953 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T120846Z&X-Amz-Signature=3c1c96b975b791af67e622a5969eb3a362d4ec5969ee54d48995bb17984c8473&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:08:47.229] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:47.229] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:47.229] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:47.229] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:47.230] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:47.230] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:47.449] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282127230, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50448, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8561333002701108, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:47.449] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:47.449] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:47.449] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:47.449] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:50.341] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24954 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T120849Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=87ad46f7e27da4555a126f4eac46a0341f4053b5ea8e2464f7dd7a0896f47199&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:08:50.341] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:50.341] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:50.341] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:50.341] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:50.341] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:50.341] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:50.527] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282130342, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50451, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8274199630783736, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:50.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:50.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:50.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:50.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:53.460] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25298 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl?X-Amz-Date=20251209T120852Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=25f0749633e22426f112b26ae6b62e6b298727c84c35da72bd2302f91a329285&X-Amz-Expires=604800"} [2025-12-09 20:08:53.460] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:53.460] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:53.460] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:53.460] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:53.460] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:53.461] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:53.645] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282133461, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50452, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9622542297552491, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:53.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:53.645] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:53.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:53.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:08:56.573] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24206 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b78c09d3bccc31019ef90241289d3f15ce5c2e04d3b863601e7744591385b5cf&X-Amz-Date=20251209T120856Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:08:56.573] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:56.573] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:56.574] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:56.574] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:56.574] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:56.575] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:56.760] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282136575, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50453, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9465658811252624, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:56.760] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:56.760] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:56.760] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:56.760] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:08:59.688] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24207 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl?X-Amz-Date=20251209T120859Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=13eaa85306c3ef20385f71c67fafed8cc7959f56970985c219d8320a3f71da1c"} [2025-12-09 20:08:59.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:08:59.688] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:08:59.689] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:08:59.689] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:08:59.689] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:08:59.689] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:08:59.874] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282139689, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50454, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9237116769276617, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:08:59.874] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:08:59.874] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:08:59.875] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:08:59.875] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:02.803] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25299 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl?X-Amz-Signature=0e85317a6e5bc0069a4b9b4de8fb945cafe7b42b12866a4168a9126f900fd9a5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120902Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:09:02.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:02.803] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:02.803] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:02.803] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:02.803] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:02.804] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:02.989] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282142804, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50455, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8178259229147375, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:02.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:02.989] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:02.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:02.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:05.915] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24208 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8b8d7d66cba4391223f580588478b390eebe7deddf484dbf6ff324628106e046&X-Amz-Date=20251209T120905Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:09:05.915] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:05.915] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:05.915] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:05.915] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:05.915] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:05.915] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:06.101] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282145915, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50456, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6550124542186542, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:06.101] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:06.101] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:06.101] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:06.101] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:09.031] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24955 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120908Z&X-Amz-SignedHeaders=host&X-Amz-Signature=fe85fc2cf23e2976f2c5e88828773689d7717e0f5e883375d5d9ec6ab942a5a6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:09:09.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:09.031] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:09.031] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:09.031] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:09.032] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:09.032] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:09.217] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282149032, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50457, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8881844764676449, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:09.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:09.217] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:09.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:09.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:12.147] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24956 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c068f58db6ad5e0387b789e2c7720c1270c5cbcf12608096daccdea324b77cab&X-Amz-Expires=604800&X-Amz-Date=20251209T120911Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:09:12.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:12.147] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:12.148] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:12.148] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:12.148] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:12.148] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:12.334] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282152148, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50460, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9337957409302919, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:12.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:12.334] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:12.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:12.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:15.258] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25300 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=9c739042ba9cc7178fb54c0adcf1f9756b15af7a949950acac36b10c3ffd1802&X-Amz-Date=20251209T120914Z"} [2025-12-09 20:09:15.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:15.258] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:15.258] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:15.258] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:15.258] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:15.259] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:15.450] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282155259, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50461, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8766804159278622, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:15.450] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:15.450] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:15.450] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:15.450] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:18.374] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24957 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=16cf2be9ff7012116acb646d350b23af46edbfee07a0b423768f180661d64c57&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120917Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:09:18.374] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:18.374] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:18.374] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:18.374] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:18.374] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:18.375] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:18.595] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282158375, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50462, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8739267281198654, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:18.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:18.595] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:18.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:18.595] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:21.479] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25301 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl?X-Amz-Date=20251209T120920Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b1acfa7389fd1ccff31db730a227e434cafc1e3c11b6c29bb749b85354f466f3&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:09:21.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:21.479] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:21.479] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:21.479] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:21.479] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:21.479] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:21.669] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282161480, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50463, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7212493263319284, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:21.669] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:21.669] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:21.669] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:21.669] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:24.600] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24958 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=b78e3c0f117f2ad643fa79092401284314c2c2c791a98b4ad921d48a0be5f60a&X-Amz-Date=20251209T120924Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:09:24.600] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:24.600] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:24.600] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:24.600] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:24.600] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:24.601] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:24.787] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282164601, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50464, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9927556625666566, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:24.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:24.787] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:24.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:24.787] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:27.702] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24209 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl?X-Amz-Date=20251209T120927Z&X-Amz-Signature=2c68e7eaee90849c08ec23c7f5bb4d71168ff14d70141e6cceb3c44ac35d81c8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:09:27.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:27.702] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:27.703] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:27.703] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:27.703] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:27.703] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:27.889] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282167703, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50465, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9918610516124646, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:27.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:27.889] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:27.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:27.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:30.813] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24959 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl?X-Amz-Date=20251209T120930Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=fb3eae93c998a77819849008cd2eee9ae2b53656001a554034215aeac3bd27fd"} [2025-12-09 20:09:30.813] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:30.813] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:30.813] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:30.813] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:30.813] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:30.814] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:30.999] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282170814, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50466, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9385947596844778, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:30.999] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:30.999] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:30.999] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:30.999] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:33.922] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24960 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl?X-Amz-Date=20251209T120933Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=756836cf31cfadbc2bf8074a0a68c09d758dc53d156f496064f5c352e8d39654&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:09:33.923] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:33.923] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:33.923] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:33.923] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:33.923] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:33.923] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:34.108] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282173923, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50467, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7115084736428052, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:34.108] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:34.108] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:34.108] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:34.108] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:37.032] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25302 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl?X-Amz-Date=20251209T120936Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=65c33b017e12f214fe4de5ad5a7c316d4e001df7d263e62f405f706c5c17ab54"} [2025-12-09 20:09:37.032] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:37.032] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:37.033] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:37.033] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:37.033] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:37.033] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:37.219] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282177033, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50468, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8018646925426739, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:37.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:37.219] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:37.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:37.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:40.147] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24210 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T120939Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=66b289f62d545617f62417ca3243d7263fb07dbf21e8db86fb9e33ac7e9100e2"} [2025-12-09 20:09:40.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:40.147] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:40.147] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:40.147] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:40.147] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:40.148] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:40.333] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282180148, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50469, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9630902025436278, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:40.333] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:40.333] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:40.333] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:40.333] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:43.250] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24211 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T120942Z&X-Amz-Signature=d21589b995759d977fe8e82bc44fb3f5a4b9e759054c2dd72cdc7ef428afbf98"} [2025-12-09 20:09:43.250] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:43.250] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:43.250] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:43.250] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:43.250] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:43.251] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:43.436] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282183251, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50470, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9778479528954627, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:43.436] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:43.436] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:43.436] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:43.436] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:46.364] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25303 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4f575feb2d0e18fb401e3d9bb58e91e36a1c3b18d817d7fa0a4cacccb7573e2c&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T120945Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:09:46.364] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:46.364] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:46.365] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:46.365] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:46.365] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:46.365] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:46.551] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282186365, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50471, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8753867325600264, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:46.551] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:46.551] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:46.551] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:46.551] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:49.483] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24961 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120948Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=187175147cd2d8c5d3a4f04b9fbae8f6c3080553cfac5a251cccad445db2dc2c"} [2025-12-09 20:09:49.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:49.483] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:49.483] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:49.483] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:49.483] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:49.484] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:49.669] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282189484, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50472, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9501198340432971, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:49.669] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:49.669] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:49.669] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:49.669] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:52.586] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25304 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=243cf2e2261b6655c64c6456d957c8c30a801ef682ab887dba6283c692032751&X-Amz-Expires=604800&X-Amz-Date=20251209T120952Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:09:52.586] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:52.586] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:52.586] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:52.586] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:52.586] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:52.587] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:52.804] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282192587, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50475, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5976508091250565, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:52.804] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:52.804] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:52.804] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:52.804] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:09:55.690] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24212 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl?X-Amz-Signature=b99561a16eeda91cd70e9f82a8d823c548b39f4554e06f0e38ea6a06b62fb1c1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T120955Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:09:55.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:55.690] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:55.690] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:55.690] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:55.690] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:55.691] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:55.876] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282195691, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50476, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9444439587238346, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:55.876] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:55.876] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:55.876] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:55.876] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:09:58.811] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24962 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl?X-Amz-Date=20251209T120958Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f74765e1c9b8e2da0df77eecb6bad395b6413bc7988cf50f76f43f5c938a972b&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:09:58.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:09:58.811] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:09:58.812] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:09:58.812] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:09:58.812] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:09:58.812] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:09:58.997] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282198812, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50477, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8894632108572206, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:09:58.997] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:09:58.997] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:09:58.997] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:09:58.997] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:01.926] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24213 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=bdd9c9e4e211e2f922c676d76ea87f3198e2ae8b3317325e300c6c4eb1e0cead&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121001Z"} [2025-12-09 20:10:01.926] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:01.926] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:01.926] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:01.926] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:01.926] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:01.926] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:02.111] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282201926, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50478, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8867138406207913, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:02.111] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:02.111] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:02.112] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:02.112] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:05.037] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24963 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121004Z&X-Amz-Signature=ba7b121ed6798ab1ddc58faf4c0ee51c687f1c7cc5082a2f6625ae147d95d53a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:10:05.037] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:05.037] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:05.037] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:05.037] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:05.037] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:05.038] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:05.225] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282205038, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50479, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8608551881795766, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:05.225] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:05.225] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:05.225] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:05.225] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:08.150] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24964 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=a9caf8ac756c875163521120228c705ed607d5fca24ecec70d0354f1c7240068&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121007Z"} [2025-12-09 20:10:08.150] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:08.150] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:08.151] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:08.151] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:08.151] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:08.151] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:08.336] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282208151, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50480, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8768360047823152, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:08.336] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:08.336] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:08.336] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:08.336] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:11.253] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24965 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl?X-Amz-Expires=604800&X-Amz-Signature=02678d1b819001d1c7e2b4e2e62623cb447a365d10b7bdae9737da3610ed8486&X-Amz-Date=20251209T121010Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:10:11.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:11.254] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:11.254] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:11.254] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:11.254] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:11.254] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:11.439] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282211254, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50481, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6620730752219484, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:11.439] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:11.439] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:11.439] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:11.439] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:14.365] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25305 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121013Z&X-Amz-Signature=3c9827dd42387022449e6bd2429c0d88cf0123a5973fd03fed6c9d3c3c9309e3"} [2025-12-09 20:10:14.365] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:14.365] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:14.365] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:14.365] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:14.365] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:14.366] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:14.551] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282214366, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50484, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.777173441974523, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:14.551] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:14.551] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:14.551] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:14.551] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:17.477] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24214 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=05dfa16af18443dd94c3f15b76ff20094b23457b0a7804a69bda81ff8be50175&X-Amz-Date=20251209T121016Z&X-Amz-Expires=604800"} [2025-12-09 20:10:17.477] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:17.477] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:17.477] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:17.477] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:17.477] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:17.478] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:17.663] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282217478, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50485, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8079560299283343, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:17.663] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:17.663] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:17.663] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:17.663] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:20.600] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25306 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl?X-Amz-Signature=c09b4a88e7fb21a2c3f49f31337351f7556a263b0722f3ed2602badd2e958a16&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121020Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:10:20.600] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:20.601] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:20.601] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:20.601] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:20.601] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:20.601] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:20.786] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282220601, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50486, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8854999027550163, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:20.786] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:20.786] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:20.786] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:20.786] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:23.709] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24215 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121023Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=169f9be152d7242c94c3382b4e128cd062c85f84a8aa8aadd5b2e15fe1519948"} [2025-12-09 20:10:23.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:23.709] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:23.709] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:23.709] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:23.709] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:23.710] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:23.896] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282223710, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50487, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.6872012369079102, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:23.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:23.896] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:23.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:23.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:26.825] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25307 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121026Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=17406ce77a4ba52e61ed2ded13a07e86278531ac50e26d7414138a853e8980b4"} [2025-12-09 20:10:26.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:26.825] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:26.825] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:26.825] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:26.825] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:26.826] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:27.045] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282226826, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50488, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8096350199225714, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:27.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:27.045] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:27.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:27.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:29.939] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25308 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121029Z&X-Amz-Signature=82642a327716a9ff3c886bf67d6ecc63efd028b959d99ce58f480d639c6ff751&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:10:29.939] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:29.939] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:29.939] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:29.939] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:29.939] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:29.939] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:30.124] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282229939, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50489, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7730757449807033, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:30.124] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:30.124] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:30.124] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:30.124] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:33.050] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24966 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121032Z&X-Amz-Expires=604800&X-Amz-Signature=733a891534a5565d9d14c580ebdc4fa09837ac8cab7dd7db51865c7deb75a9cb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:10:33.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:33.051] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:33.051] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:33.051] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:33.051] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:33.051] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:33.236] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282233051, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50490, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9083148784560441, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:33.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:33.236] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:33.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:33.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:36.158] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25309 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl?X-Amz-Signature=baec3bf542bb05aa90c37b114795153b98038a31f3fe89d9dc69ea9cf2307179&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121035Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:10:36.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:36.158] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:36.159] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:36.159] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:36.159] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:36.159] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:36.344] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282236159, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50491, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9055755776829566, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:36.344] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:36.344] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:36.344] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:36.344] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:39.273] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24967 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl?X-Amz-Date=20251209T121038Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7a35478790ed292b4d6bff1dc0ebef089ea9402cb43e3f1c0b7f70f6b17d8945&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:10:39.273] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:39.273] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:39.274] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:39.274] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:39.274] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:39.274] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:39.459] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282239274, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50492, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9985325956810535, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:39.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:39.459] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:39.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:39.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:42.390] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24968 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl?X-Amz-Expires=604800&X-Amz-Signature=19682f62cd4c9d8915df5d21d76eb877518ddaf4f70797352db4eca7cbd10e3d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121041Z"} [2025-12-09 20:10:42.390] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:42.390] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:42.390] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:42.390] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:42.390] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:42.391] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:42.587] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282242391, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50493, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7927906307368934, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:42.587] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:42.587] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:42.587] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:42.587] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:45.505] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24969 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl?X-Amz-Date=20251209T121045Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=09ba930c0dee3a532b75c557cf0bdb6ef8aea96329478e9c3d80ed8aed91cee0"} [2025-12-09 20:10:45.505] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:45.505] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:45.506] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:45.506] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:45.506] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:45.506] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:45.691] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282245506, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50474, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.774733297741169, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:45.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:45.691] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:45.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:45.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:48.608] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25310 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6b702dc362d7c7f99581bbf87119515facd1374aee921eb0cb3248e0e2e31514&X-Amz-Date=20251209T121048Z"} [2025-12-09 20:10:48.608] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:48.608] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:48.608] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:48.608] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:48.608] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:48.609] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:48.801] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282248609, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50483, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5945419797780971, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:10:48.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:48.802] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:48.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:48.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:51.726] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24216 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4859244e6e6beacdb7c376d20aae9fbf03d01163bc2a0d24d2ee51c6700d1dfb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121051Z&X-Amz-Expires=604800"} [2025-12-09 20:10:51.726] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:51.726] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:51.726] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:51.726] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:51.726] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:51.727] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:51.922] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282251727, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54358, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.49381248622124246, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:51.922] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:51.922] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:51.922] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:51.922] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:10:54.847] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24970 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl?X-Amz-Date=20251209T121054Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0b71cc6a1b1706d2b33d4b7aa97b5fbfbf7bc07c24d4aea31a4c1e6a98207a73&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:10:54.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:54.847] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:54.847] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:54.847] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:54.847] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:54.847] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:55.031] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282254848, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42210, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:55.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:55.031] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:55.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:55.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:10:57.964] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24971 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=479a6c183a7bd5e31b830a930bd15b72a4b4f2167ab1c4aa579918fc14c337c3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121057Z"} [2025-12-09 20:10:57.965] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:10:57.965] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:10:57.965] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:10:57.965] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:10:57.965] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:10:57.965] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:10:58.152] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282257965, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53555, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999923337358079, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:10:58.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:10:58.152] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:10:58.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:10:58.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:01.081] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25311 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl?X-Amz-Date=20251209T121100Z&X-Amz-SignedHeaders=host&X-Amz-Signature=5ac2bb13a1bd3813b30204ac1f4dfff0ea601bcae10216578570c8a4c51da3c7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:11:01.081] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:01.081] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:01.081] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:01.081] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:01.081] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:01.082] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:01.268] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282261082, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44848, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8577944376622961, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:01.268] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:01.268] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:01.268] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:01.268] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:04.185] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24217 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e8c11792167f6c6c9ae13000af3de6965909326201927947b6726a7e7cd96ffa&X-Amz-Date=20251209T121103Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:11:04.186] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:04.186] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:04.186] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:04.186] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:04.186] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:04.186] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:04.405] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282264186, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44852, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7941063337160675, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:04.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:04.405] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:04.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:04.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:07.303] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24218 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121106Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=22fc60d4b360e0f71bb19f8f64e4511340af1d471d2f4905e1238d02bb5da082&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:11:07.303] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:07.303] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:07.303] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:07.303] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:07.303] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:07.303] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:07.486] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282267303, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44884, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9062125665453248, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:07.487] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:07.487] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:07.487] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:07.487] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:10.418] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24219 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl?X-Amz-Date=20251209T121109Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=90efbbd240103cbb563ff4c18e8866a9bdd15cbbcc2121570bd19248b8937e46&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:11:10.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:10.418] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:10.419] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:10.419] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:10.419] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:10.419] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:10.604] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282270419, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44886, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7458259782927552, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:10.604] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:10.604] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:10.604] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:10.604] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:13.536] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24220 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl?X-Amz-Signature=36f9044f6d52ae8de1d6dd431b03bcbbdefd25197c20221400c810dde23d21b9&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121113Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:11:13.536] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:13.536] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:13.536] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:13.536] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:13.536] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:13.536] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:13.730] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282273537, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44890, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6809353544552849, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:13.730] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:13.730] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:13.730] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:13.730] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:16.648] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24972 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl?X-Amz-Signature=788e496aa1cc06d7793058948e6c9f99b5a4d3bbba3534d58ad2c0d91b92aa5f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T121116Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:11:16.648] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:16.648] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:16.648] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:16.648] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:16.648] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:16.648] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:16.839] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765282276649, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:11:16.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:11:16.839] [DEBUG] [tid:130855398528704] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:19.762] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24221 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=296c22a37eb0993eaeb59caf76d0cb09728f7b56af75c2168f777171924d29b1&X-Amz-Date=20251209T121119Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:11:19.762] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:19.762] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:19.763] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:19.763] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:19.763] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:19.763] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:19.949] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282279763, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44906, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.79266736051479, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:19.949] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:19.949] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:19.949] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:19.949] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:22.877] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24222 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121122Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=bb36723fbc8871e3e1ecd0e354fccee4f0ecfd097c5c722a0ba963e136687297"} [2025-12-09 20:11:22.877] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:22.877] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:22.877] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:22.877] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:22.877] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:22.878] [INFO] [tid:130855398528704] (AiModule.cpp:158) 
load result:0 [2025-12-09 20:11:23.063] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765282282878, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:11:23.063] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:11:23.063] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:25.989] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25312 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121125Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=efde63e53a594a01373f00b5380392f8973320d8834dee7676aa5b6009efca22"} [2025-12-09 20:11:25.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:25.989] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:25.990] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:25.990] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:25.990] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load 
[2025-12-09 20:11:25.990] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:26.176] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282285990, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44914, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7921735825556696, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:26.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:26.176] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:26.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:26.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:29.100] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25313 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl?X-Amz-Expires=604800&X-Amz-Signature=d169031120c059e59c0f653b3a3685fcd99ea8903861272a3f04612e09524875&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121128Z"} [2025-12-09 20:11:29.100] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:29.100] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:29.100] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:29.100] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:29.100] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:29.101] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:29.287] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282289101, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44918, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7741551259482969, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:29.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:29.287] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:29.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:29.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:32.212] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25314 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=c2de2277493035472f957a0973becaef3049d2e2de68e9e2175c91abe6442aa0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121131Z&X-Amz-Expires=604800"} [2025-12-09 20:11:32.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:32.212] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:32.212] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:32.212] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:32.212] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:32.213] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:32.399] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282292213, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53328, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7774317609580008, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:32.399] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:32.399] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:32.399] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:32.399] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:35.315] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24973 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b5dcf71eb1353e67c41dc9f741d680c387ef00ae7b1ffd8e12e523b0c405d36d&X-Amz-Date=20251209T121134Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:11:35.315] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:35.315] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:35.315] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:35.315] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:35.315] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:35.316] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:35.501] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282295316, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53330, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8275845624305066, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:35.501] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:35.501] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:35.501] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:35.501] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:38.432] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24223 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=eb97cb13eaddd91447fe06f743adfe05ecd1ef0392ecc0b855b83fe7d9ff9260&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121137Z&X-Amz-Expires=604800"} [2025-12-09 20:11:38.432] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:38.432] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:38.433] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:38.433] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:38.433] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:38.433] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:38.619] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282298434, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53334, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7442508309553904, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:38.619] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:38.620] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:38.620] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:38.620] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:41.549] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24224 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl?X-Amz-Date=20251209T121141Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=05e5a81d2c16728efb424975b1e1c106715e89f3f6438f6ce65d7f95c6ae17b7&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:11:41.549] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:41.550] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:41.550] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:41.550] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:41.550] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:41.550] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:41.736] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282301550, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53338, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7490687046424453, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:41.736] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:41.736] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:41.736] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:41.736] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:44.669] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25315 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121144Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=ff0f442bb71559b42bdf0e67ad89de8d9aae029a7be04b29e95215e736bbf678&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:11:44.669] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:44.669] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:44.670] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:44.670] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:44.670] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:44.670] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:44.856] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282304670, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33840, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.836137429688432, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:44.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:44.856] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:44.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:44.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:47.785] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24225 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=63a25b48e106500b84878b8ed38926231e2605295f3b19163869e3aebb63c027&X-Amz-Date=20251209T121147Z"} [2025-12-09 20:11:47.785] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:47.785] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:47.785] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:47.785] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:47.785] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:47.786] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:47.972] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282307786, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6415493894027886, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:47.972] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:47.972] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:47.972] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:47.972] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:50.901] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24226 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl?X-Amz-Date=20251209T121150Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=12aa464c796897a9795c384a3fe5b5a2df06081c61779e27dcb2ba2fecd1ac92"} [2025-12-09 20:11:50.901] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:50.901] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:50.901] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:50.901] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:50.901] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:50.902] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:51.088] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282310902, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35930, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6710350924313606, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:51.088] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:51.088] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:51.088] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:51.088] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:11:54.019] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24227 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl?X-Amz-Signature=73733dd8d665a9a1d4347df6614cd30511795e4dea1d9bd073c51e2cbc201f39&X-Amz-Date=20251209T121153Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:11:54.019] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:54.019] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:54.019] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:54.019] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:54.019] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:54.019] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:54.205] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282314019, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35948, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6346248737573055, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:11:54.205] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:11:54.205] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:11:54.205] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:11:54.205] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:11:57.136] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25316 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121156Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9370c5c0ed146e560e7034b2f4bbf1967664dca832cbe02b1b183a539c31ee23&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:11:57.136] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:11:57.136] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:11:57.136] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:11:57.136] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:11:57.136] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:11:57.137] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:11:57.334] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765282317137, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:11:57.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:11:57.334] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:12:00.254] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24228 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121159Z&X-Amz-Signature=4f3bd53d8c8ffc7f1c90b7c559d7b7dbf1cce028730807adbd41eb4e210abe49"} [2025-12-09 20:12:00.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:12:00.254] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:12:00.254] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:12:00.254] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:12:00.254] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:12:00.255] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
20:12:00.450] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282320255, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 37014, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8351820553379743, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:12:00.450] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:12:00.450] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:12:00.450] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:12:00.450] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:12:03.362] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24974 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121202Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b4c8d6a9e863d08212b5e02d7f18bf786703a7e2df30aaea2fabb7b41246c31f"} [2025-12-09 20:12:03.363] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:12:03.363] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:12:03.363] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:12:03.363] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:12:03.363] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:12:03.363] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:12:03.554] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765282323363, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:12:03.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:12:03.554] [DEBUG] [tid:130855398528704] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:12:06.482] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24229 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121205Z&X-Amz-Signature=c7b1ad33b6277df3e39301c610c5b734aa249e255e40f97de81b8d38ebce17f5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:12:06.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:12:06.482] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:12:06.482] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:12:06.482] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:12:06.482] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:12:06.483] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:12:06.664] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282326483, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51470, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.7510731897204698, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:12:06.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:12:06.664] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:12:06.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:12:06.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:12:09.603] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24975 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl?X-Amz-Signature=9d8f5385095f890d404cb5edbd31a658edbd069a64a8c1543b9cfa584df7f245&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121209Z"} [2025-12-09 20:12:09.603] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:12:09.603] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:12:09.603] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:12:09.603] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:12:09.603] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:12:09.604] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 20:12:09.790] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282329604, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6827157059025345, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:12:09.790] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:12:09.790] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:12:09.790] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:12:09.790] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:12:12.719] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24230 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121212Z&X-Amz-Signature=d10a2fb41b461636503a681316df39d764837a7664e1222e928160d162c809cb"} [2025-12-09 20:12:12.720] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:12:12.720] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:12:12.720] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:12:12.720] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:12:12.720] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:12:12.720] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:12:12.907] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282332720, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51740, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6726794156067787, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:12:12.907] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:12:12.907] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:12:12.907] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:12:12.907] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:12:15.823] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24976 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T121215Z&X-Amz-SignedHeaders=host&X-Amz-Signature=e0d80a0fafc7c77092f19d85c4032335b6a7091963fac60ccd09a93fdd38d747&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:12:15.823] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:12:15.823] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:12:15.824] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:12:15.824] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:12:15.824] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:12:15.824] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:12:16.011] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282335824, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41946, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.679443760457275, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:12:16.011] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:12:16.011] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:12:16.011] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:12:16.011] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:15:48.825] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24977 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl?X-Amz-Signature=c2a008ec19b209bf43c0cd72525e6c3933b307d07eae2d857d26b2d08d9b2e8a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121548Z"} [2025-12-09 20:15:48.825] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:15:48.825] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:15:48.826] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:15:48.826] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:15:48.826] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:15:48.827] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:15:49.060] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282548827, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42261, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998839809681442, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:15:49.060] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:15:49.060] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:15:49.060] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:15:49.060] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:15:51.956] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25317 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=89edb0e7af91e11992b7c228aaf924833f3d820eb747bdf3c61c674976f2e503&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121551Z"} [2025-12-09 20:15:51.956] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:15:51.956] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:15:51.956] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:15:51.956] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:15:51.956] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:15:51.956] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:15:52.141] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282551956, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11605, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999068037842808, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:15:52.141] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:15:52.141] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:15:52.142] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:15:52.142] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:15:55.095] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25318 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl?X-Amz-Signature=e40ce49bc0e6302a39c34fd059629ea3b03bcb64d82429f154b1a3807a1c36aa&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121554Z"} [2025-12-09 20:15:55.095] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:15:55.095] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:15:55.095] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:15:55.095] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:15:55.095] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:15:55.096] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:15:55.282] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282555096, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50196, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9580245061965472, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:15:55.282] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:15:55.282] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:15:55.282] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:15:55.282] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:15:58.207] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25319 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c07f7f84e0f724ad03ec8b09230ce8678e10e6a1b25a5a58463dcb692e0e5567&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121557Z"} [2025-12-09 20:15:58.207] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:15:58.207] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:15:58.207] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:15:58.207] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:15:58.207] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:15:58.208] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:15:58.391] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl|result:{"code": 1, 
"total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282558208, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42203, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:15:58.391] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:15:58.391] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:15:58.391] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:15:58.391] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:01.330] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25320 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e65e23b773fa95227151d75e7fb70a10bce07346f622ddbae4c4aff3736d560a&X-Amz-Date=20251209T121600Z"} [2025-12-09 20:16:01.331] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:01.331] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:01.331] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm 
[2025-12-09 20:16:01.331] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:01.331] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:01.331] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:01.517] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282561331, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50196, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9580245061965472, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:01.517] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:16:01.517] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:01.517] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:01.518] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:04.469] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24231 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl?X-Amz-Date=20251209T121603Z&X-Amz-Signature=e7461fa56a01fdeeda75ed828c898cdd2fb85f71b397149b8ebe01c5ce790a5d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:16:04.469] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:04.469] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:04.470] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:04.470] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:04.470] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:04.471] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:04.688] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282564471, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49212, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9726859149153515, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:04.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm 
alert_count: 1|max_alert: 1000 [2025-12-09 20:16:04.688] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:04.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:04.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:07.628] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25321 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl?X-Amz-Date=20251209T121607Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=69872108bdaa47de489db2feb0ec027fe92e7a4e40548506c909ede3a2ebfcb9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:16:07.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:07.629] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:07.629] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:07.629] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:07.629] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:07.629] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:07.813] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl|result:{"code": 1, "total_count": 1, 
"alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282567629, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49212, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9726859149153515, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:07.813] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:16:07.813] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:07.813] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:07.813] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:10.784] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24232 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl?X-Amz-Date=20251209T121610Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=34c263ed18f43941e739ba14d11f5adb47b3cc4b14c954ddb528899ae944c26b&X-Amz-SignedHeaders=host"} [2025-12-09 20:16:10.784] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:10.784] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:10.784] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:10.784] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:10.784] [INFO] 
[tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:10.785] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:11.016] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765282570785, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49900, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9948395387043772, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49905, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990727495298456, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49906, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9539686118113468, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49901, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9889436091438827, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49904, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9823949331172888, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 49913, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9982344826586815, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49915, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9954527869549163, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49917, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9916351398098372, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49909, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9897636417034154, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49912, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9919412506719519, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49916, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9966431162078648, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49907, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9067464294218052, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 
6, "src_port": 49899, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49911, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9938140771153121, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49914, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9607283513372386, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49908, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9857839338628928, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49902, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8974148085640757, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49910, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9796287211799263, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49903, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9887460979769674, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:11.016] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 
19|max_alert: 1000 [2025-12-09 20:16:11.016] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:11.016] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:11.016] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:13.949] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25322 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl?X-Amz-Date=20251209T121613Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f8e3b14c65b882aa0416ade676a1ad766b30c5af02caffffd562d51c94087ed5&X-Amz-SignedHeaders=host"} [2025-12-09 20:16:13.949] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:13.949] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:13.949] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:13.949] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:13.949] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:13.950] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:14.181] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765282573950, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": 
"192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49813, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9798099140911304, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49804, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49805, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9920077460461967, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49806, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9935560534082867, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49811, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9943658481262561, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49814, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.998501514671926, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49817, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9793632450718504, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 49821, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9625666120444648, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49809, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9784198949725982, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49815, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9999240416438284, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49819, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9955990873685386, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49810, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9998079474185828, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49812, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9829046154474818, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49820, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9928479720912123, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 
6, "src_port": 49807, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9977917195914591, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49808, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9969521192187903, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49816, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9995910540218641, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49818, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9862157546679893, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49822, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9823260744028816, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:14.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-09 20:16:14.181] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:14.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:14.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:17.095] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24978 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=cb8db4f5dd66fb2d495d47ffd86d2fec14e775115248549b3db686a5d46a8d46&X-Amz-Date=20251209T121616Z"} [2025-12-09 20:16:17.095] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:17.095] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:17.095] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:17.095] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:17.095] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:17.096] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:17.328] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765282577096, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49241, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9916490801881285, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, 
"src_port": 49244, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9965613085791998, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49242, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9929056904995154, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49239, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9826038775697016, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.997067507502594, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49243, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9833003297276995, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49247, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9880475565625114, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.9486643919608937, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.979683017409808, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9885446014610835, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49245, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9911565590263544, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9846401513557035, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8794335776698408, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49246, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9788907865142036, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9875123349483848, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9908266930075992, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49248, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9771774959854481, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49240, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9857957295444639, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:17.328] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-09 20:16:17.328] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:17.328] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:17.328] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:20.235] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24233 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121619Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=4da81a84e45e17aa785100c3f29e8fa69ebb216634465bfe2b33d217c791ba75&X-Amz-Expires=604800"} [2025-12-09 20:16:20.235] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:20.235] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:20.235] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:20.235] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:20.235] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:20.235] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:20.467] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765282580236, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49879, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9956612798915031, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49883, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9878903147697448, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49889, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9938759104061451, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49885, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9940987345212152, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49880, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9712794985383143, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49896, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961504118759825, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49887, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9921424753924339, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49886, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9928744480485148, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49888, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.9903771380962567, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49893, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9848222756113998, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49895, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9864507903178709, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49882, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9843684134959988, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49878, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49897, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9994213323044768, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49881, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8995113394605257, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49890, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9729464728932783, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49884, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9902828193691182, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49894, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.99746395219379, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49898, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9996529560349297, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:20.467] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-09 20:16:20.467] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:20.467] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:20.467] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:23.377] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25323 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121622Z&X-Amz-Signature=e51526dbdf05d8c0753f3989beb38b1ef71c3b13c2529a274835cbe4878d8472"} [2025-12-09 20:16:23.377] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:23.377] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:23.377] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:23.377] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:23.377] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:23.378] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:23.610] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl|result:{"code": 1, "total_count": 20, "alert_count": 20, "abnormal_count": 20, "normal_count": 0, "timestamp": 1765282583378, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9952403705974404, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, 
"dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9742939516235932, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9998348662958627, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9903930428900941, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.996942041276261, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9892837232221853, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9963889675905823, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49215, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 51119, "y_pred": 1, 
"y_pred_proba_max": 0.8459506814175894, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9859706429360936, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9840696405518794, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9944640734596082, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9466104554158971, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9663153021139226, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9805945283495787, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 
0.9843356646814752, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.996258844166322, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.990179628789841, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9920499818102524, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:23.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 20|max_alert: 1000 [2025-12-09 20:16:23.610] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:23.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:23.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:26.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24979 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl?X-Amz-Signature=a9b602b685e5af0b28d86b37e5d80d91ceb97d8461af3289b9c5c472ecbbaa70&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121626Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:16:26.511] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:26.511] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:26.511] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:26.511] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:26.511] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:26.511] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:26.742] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765282586511, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49862, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.993998746337398, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49873, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9984619517211837, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49861, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9827068710039205, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49870, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.914970406475019, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49876, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.952977727642738, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49859, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49867, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9706477604099989, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49863, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9901185710129757, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49872, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.993074132962868, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49868, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9999025551235928, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49875, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9966615696824686, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9617252563225832, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49866, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9743059507492364, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49864, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.71921150619101, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49877, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9468058447807375, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49871, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.7764728055013342, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49869, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9959248745706883, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49865, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9973994455010247, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49874, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9876370849085667, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:26.742] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-09 20:16:26.742] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:26.742] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:26.742] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:29.637] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25324 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl?X-Amz-Signature=e788083248cf16f77cdb8a366dd7f033e4de5e3e0ecbbc9f52d59f1ab10fa0d7&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T121629Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:16:29.637] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:29.637] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:29.638] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:29.638] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:29.638] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:29.638] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:29.862] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl|result:{"code": 1, "total_count": 17, "alert_count": 17, "abnormal_count": 17, "normal_count": 0, "timestamp": 1765282589638, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49633, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49638, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9848839800602204, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49642, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9991689155402528, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49634, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9848518244022456, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49649, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9799294573859498, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49639, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8493997374881902, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49636, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9998476325444733, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49635, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9826517428931141, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49641, "dest_port": 
51119, "y_pred": 1, "y_pred_proba_max": 0.9973106301578313, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49645, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9995962586523489, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49644, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9919179404311237, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49640, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.995109299634593, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49647, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9728578823302751, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49637, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9990690373984977, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49646, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.997903385505614, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49648, "dest_port": 51119, "y_pred": 1, 
"y_pred_proba_max": 0.9997528086303855, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49643, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.937764546813778, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:29.862] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 17|max_alert: 1000 [2025-12-09 20:16:29.862] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:29.862] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:29.862] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:32.794] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24234 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl?X-Amz-Date=20251209T121632Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bcd8ddc13922c17e77b2da36a85d353b970ce4dc041058d377ff084ccff424e0"} [2025-12-09 20:16:32.794] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:32.794] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:32.794] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:32.794] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:32.794] [INFO] [tid:130855398528704] 
(AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:32.795] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:33.016] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl|result:{"code": 1, "total_count": 16, "alert_count": 16, "abnormal_count": 16, "normal_count": 0, "timestamp": 1765282592795, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50124, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9878386178448167, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50131, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9993986883604957, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50129, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.983151851486558, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50130, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9610371025904593, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50122, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, 
"src_port": 50126, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9886484413236557, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50135, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9780476306840957, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50127, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9947485815446498, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50133, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9997844571775872, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50123, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9737056284005778, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50134, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9891992744984781, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50125, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9902112973095163, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50136, "dest_port": 
51119, "y_pred": 1, "y_pred_proba_max": 0.96622869987999, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50132, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.937681800988194, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50137, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9813952725009292, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50128, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9934623185581525, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:33.017] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 16|max_alert: 1000 [2025-12-09 20:16:33.017] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:33.017] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:33.017] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:35.918] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24980 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl?X-Amz-Signature=136f5c112358ccb817220ad499b26e18c5c1e54e9751d75e7706f262241492e2&X-Amz-Date=20251209T121635Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:16:35.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:35.918] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:35.918] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:35.919] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:35.919] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:35.919] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:36.137] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282595919, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 58782, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999574183819978, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:36.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:16:36.137] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:36.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:36.137] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:39.061] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25325 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl?X-Amz-Date=20251209T121638Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e130f8bbc97fd0a7c301b38c637b6b13c86d65d499bb6d0aef5a5a1bc3ae78ab&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:16:39.061] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:39.061] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:39.061] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:39.061] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:39.061] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:39.062] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:39.286] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl|result:{"code": 1, "total_count": 17, "alert_count": 17, "abnormal_count": 17, "normal_count": 0, "timestamp": 1765282599062, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49928, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9902081764450924, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49934, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9950751103140646, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49930, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9531053070566292, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49923, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9857729476441964, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49937, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49924, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9944142321188765, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49925, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9771283269574098, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49933, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9402817168674891, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49926, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9515147999731864, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49921, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49931, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9967945068710398, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49936, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9838284865500456, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49922, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9817476920454372, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.139", "protocol": 6, "src_port": 49927, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9963965348634888, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49932, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9401520183286568, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49935, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9965269141866234, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49929, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9733069440917393, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:39.286] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 17|max_alert: 1000 [2025-12-09 20:16:39.286] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:39.286] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:39.286] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:42.211] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24981 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=53458857d94bf3d8646f04fe03f273d0af05fea7aeb5bcfb0390361db2044e2a&X-Amz-Date=20251209T121641Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:16:42.211] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:42.211] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:42.211] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:42.211] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:42.211] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:42.212] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:42.405] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl|result:{"code": 1, "total_count": 3, "alert_count": 3, "abnormal_count": 3, "normal_count": 0, "timestamp": 1765282602212, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49263, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49264, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49265, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9812522998406604, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:42.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 3|max_alert: 1000 [2025-12-09 20:16:42.406] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:42.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:42.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:45.352] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25326 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121644Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9f9c006dcc7566d9d6fddb141241c36742de59d1e9a2705522ae4734aae43cf0&X-Amz-SignedHeaders=host"} [2025-12-09 20:16:45.352] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:45.352] [INFO] [tid:130855398528704] (AiModule.cpp:129) load 
so_code_gbm.so lib [2025-12-09 20:16:45.353] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:45.353] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:45.353] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:45.354] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:45.540] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282605354, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49265, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9812522998406604, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:45.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:16:45.540] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:45.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:45.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:48.486] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25327 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121647Z&X-Amz-Signature=b25eafcf70c433cd46f0dc28b44ad864816b3ced5ec8bb1d6ab58b352d402549"} [2025-12-09 20:16:48.486] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:48.486] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:48.487] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:48.487] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:48.487] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:48.487] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:48.673] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282608487, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43326, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999876455423057, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:16:48.673] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:16:48.673] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:48.673] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:48.673] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:51.608] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25328 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl?X-Amz-Date=20251209T121651Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=cb106ab2f4bb91ac1cfdb14f4692443c82377138a8a40b6ff6b811c7e1721b8e"} [2025-12-09 20:16:51.608] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:51.608] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:51.608] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:51.608] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:51.608] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:51.609] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:51.794] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282611609, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 35157, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998950168438167, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:51.794] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:16:51.794] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:51.794] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:51.794] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:16:54.741] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24982 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121654Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=fe0b5b8395e5b29e25c8aff617c074f9061475a7a0a2428244de8e4f8083dcc3&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:16:54.741] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:54.741] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:54.741] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:54.741] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:54.741] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:54.742] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:54.959] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 15, "abnormal_count": 15, "normal_count": 0, "timestamp": 1765282614742, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49767, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9404902673522166, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 49769, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961735166577794, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49771, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9968349685447107, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49757, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49762, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944806564828815, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49764, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9442600037540121, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49760, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999777167544464, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49758, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9175623073199635, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49759, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9966380810784818, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49765, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9283134044594631, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49761, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9858332370755758, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49766, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9727535520750678, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49763, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9985098652045115, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49768, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9960257009844826, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49770, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9930917614551684, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:16:54.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 15|max_alert: 1000 
[2025-12-09 20:16:54.959] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:54.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:54.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:16:57.889] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24235 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T121657Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=fe279e3c3b8e1aa2e20fef8be7e8f276b2ae3878b317623d0c353fe173f9ce1b"} [2025-12-09 20:16:57.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:16:57.889] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:16:57.889] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:16:57.889] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:16:57.889] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:16:57.890] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:16:58.075] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, 
"abnormal_count": 1, "normal_count": 0, "timestamp": 1765282617890, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 36703, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999233647484899, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:16:58.075] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:16:58.075] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:16:58.075] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:16:58.075] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:01.015] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25329 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121700Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=d3a668327997af408703f040da10c021a8e685caa60dd6012996935502b94b23&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:17:01.015] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:01.015] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:01.015] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:01.015] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:01.015] [INFO] 
[tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:01.015] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:01.239] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 13, "abnormal_count": 13, "normal_count": 2, "timestamp": 1765282621015, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34308, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34338, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6600152343992454, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34324, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8598443676373912, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58164, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5150716470914646, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43408, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6608495747990313, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7825537526527392, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50518, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5766166595943324, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43414, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.755307526352713, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50524, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6328550763870058, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43376, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5495919355088006, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58174, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313231847218452, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58168, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5486665983652664, 
"2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50538, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6610424197399033, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:01.239] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 13|max_alert: 1000 [2025-12-09 20:17:01.239] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:01.239] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:01.240] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:04.162] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25330 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl?X-Amz-Date=20251209T121703Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=53b0f98980597906d542f848633a8be9eedf71e9a73396dd5f1c5e72ca9b1178&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:17:04.162] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:04.162] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:04.163] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:04.163] [INFO] 
[tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:04.163] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:04.163] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:04.349] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282624163, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42089, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999957984315957, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:17:04.349] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:04.349] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:04.349] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:04.349] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:07.279] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24236 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl?X-Amz-Date=20251209T121706Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ccf168f351bbee7469518cc1b1bcef8f0af98196c200a47cec8526d1e5a245f6"} [2025-12-09 20:17:07.279] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:07.279] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:07.279] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:07.279] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:07.279] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:07.280] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:07.465] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282627280, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 37337, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9997048311722898, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:17:07.465] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:07.465] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:07.465] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:07.465] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:10.403] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24237 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl?X-Amz-Expires=604800&X-Amz-Signature=1d857300e1ae9be2181d9cfa795ba0963bf156da850268e690b78f15b6327284&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121709Z"} [2025-12-09 20:17:10.403] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:10.403] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:10.403] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:10.403] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:10.403] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:10.404] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:10.589] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282630404, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 35992, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999474031456436, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:17:10.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:10.590] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:10.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:10.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:13.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24983 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121713Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=e5b731bae82d57ab40273eaf0c198f374d89fa6e10d262c00a4bbb57412b5a03&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:17:13.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:13.528] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:13.528] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:13.528] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:13.528] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:13.528] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:13.751] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl|result:{"code": 1, "total_count": 14, "alert_count": 12, "abnormal_count": 12, "normal_count": 2, "timestamp": 1765282633528, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35934, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8765184103204687, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 35948, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6346248737573055, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35960, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5298220609605865, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52870, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6149387055645753, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47654, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7026441794397728, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33840, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.836137429688432, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47642, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33858, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7389562922671952, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33868, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7907536706029601, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35930, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6710350924313606, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6415493894027886, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52856, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8234095922587584, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:13.751] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:17:13.751] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:13.751] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:13.751] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:16.670] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24984 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl?X-Amz-Signature=d0f4946286f7adf7df1a9dd93fad00305b037bd9d54eb268aeb8fa5aedd421e4&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121716Z&X-Amz-Expires=604800"} [2025-12-09 20:17:16.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:16.670] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:16.670] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:16.670] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:16.670] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:16.671] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:16.893] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl|result:{"code": 1, "total_count": 14, "alert_count": 10, "abnormal_count": 10, "normal_count": 4, "timestamp": 1765282636671, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 48286, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7498623734261112, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 44024, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5200589530455904, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41972, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7506726691230895, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44042, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6791167796113271, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41988, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6932043396309915, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41946, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.679443760457275, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44022, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6728841833184426, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36554, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.679389337568846, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36538, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44036, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8465086067455839, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:16.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 10|max_alert: 1000 [2025-12-09 20:17:16.893] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:16.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:16.893] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:19.773] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25331 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl?X-Amz-Signature=555b423be5d81aa5bd158e19ce84a154287e50835897cfcf8c21afeff96f0e36&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121719Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:17:19.773] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:19.773] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:19.773] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:19.773] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:19.773] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:19.774] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:19.954] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282639774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41979, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:19.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:19.954] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:19.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:19.954] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:22.920] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25332 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1ede1b94de5784bf968e169d9790dd73707eeaa99cfb96536de127f2c04846f4&X-Amz-Date=20251209T121722Z&X-Amz-Expires=604800"} [2025-12-09 20:17:22.920] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:22.920] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:22.920] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:22.920] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:22.920] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:22.921] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:23.141] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl|result:{"code": 1, "total_count": 14, 
"alert_count": 12, "abnormal_count": 12, "normal_count": 2, "timestamp": 1765282642921, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51470, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7510731897204698, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51482, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6781951466688778, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6827157059025345, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51514, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7920714737387965, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 32786, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8098754794129167, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "protocol": 6, "src_port": 55098, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 32800, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6393447179540175, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47816, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51754, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6370738968028632, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51766, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5230912463199346, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51740, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6726794156067787, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51500, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7652886925783811, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:23.141] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:17:23.141] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:23.141] 
[INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:23.141] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:26.037] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25333 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T121725Z&X-Amz-Signature=0ef180e399532875e02d064c36cb197460ce41f6e0f3d83a3eef037e24a3c3f2"} [2025-12-09 20:17:26.037] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:26.037] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:26.037] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:26.037] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:26.037] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:26.038] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:26.258] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl|result:{"code": 1, "total_count": 13, "alert_count": 11, "abnormal_count": 11, "normal_count": 2, "timestamp": 1765282646038, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44538, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7920813421502959, "2_count": 11, 
"2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44544, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7925224053903588, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44550, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8396849465499099, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44540, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5743813944301933, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44548, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7977631881234646, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44542, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8068297264372905, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44528, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8546484507385572, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44546, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7162736456166379, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44530, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8750001437745446, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44526, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44532, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6223364314711629, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:26.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-09 20:17:26.258] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:26.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:26.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:29.165] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24985 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=64637545503d14f23de681a63ea82d586da847ea9f05c49846fad74a07875e88&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121728Z"} [2025-12-09 20:17:29.165] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:29.165] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:29.165] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:29.165] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:29.165] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:29.165] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:29.380] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl|result:{"code": 1, "total_count": 13, "alert_count": 12, "abnormal_count": 12, "normal_count": 1, "timestamp": 1765282649166, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36982, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.645358975713871, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 36992, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7173125752864901, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 37004, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5915217816010709, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7423598538991082, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35710, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5372650123307994, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35730, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7117355304645763, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56494, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.844063156911654, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35708, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56522, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7046661217476976, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36974, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7909008152122282, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56508, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7612030493876523, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36990, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5463985466238093, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:29.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:17:29.380] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:29.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:29.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:32.294] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24986 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl?X-Amz-Signature=75a62645cabd16c939960fa28d4040329fbf12cc321be727679feb73b8e31b29&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121731Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:17:32.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:32.294] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:32.295] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:32.295] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:32.295] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:32.295] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:32.544] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765282652295, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53334, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7442508309553904, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 53326, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7965803475820881, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53336, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5295058357260812, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53324, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.645743054285468, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53322, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53330, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8275845624305066, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53340, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8829184175754848, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53342, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6721624046725702, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53338, "dest_port": 
51119, "y_pred": 1, "y_pred_proba_max": 0.7490687046424453, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53344, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6023557106412213, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53328, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7774317609580008, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53332, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6762638693132109, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:32.545] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:17:32.545] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:32.545] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:32.545] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:35.412] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24238 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl?X-Amz-Date=20251209T121734Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=a14bd88a4df059ec8ed11047d625399187ea2b8c64d131a6d22a5e98cd57a770"} [2025-12-09 20:17:35.412] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:35.412] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:35.413] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:35.413] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:35.413] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:35.413] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:35.596] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282655413, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 38046, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999535734564688, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:17:35.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:35.596] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:35.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:35.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:38.531] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25334 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl?X-Amz-Date=20251209T121738Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=108d859e949b8e43a79aae1b214a506097da7edba8bbd8e876abcb1a819f98c2&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:17:38.531] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:38.531] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:38.531] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:38.531] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:38.531] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:38.532] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:38.748] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765282658532, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44896, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.656546421625667, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44880, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7927806494649347, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44890, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6809353544552849, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44882, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8540260068036141, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44878, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7886796948345814, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44884, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9062125665453248, "2_count": 11, "2_sum": 12, 
"2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44876, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44888, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7618044728672403, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44886, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7458259782927552, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44892, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8347860719091235, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44898, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6767071500659454, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:38.748] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-09 20:17:38.749] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:38.749] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:17:38.749] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:41.679] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24239 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl?X-Amz-Date=20251209T121741Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=db5ace682d5abed79548f3fc713f57093d5a0015756654bee292115906b71786&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:17:41.679] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:41.679] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:41.679] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:41.679] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:41.679] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:41.680] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:41.896] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765282661680, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44902, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5604761186120011, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44906, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.79266736051479, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44920, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6185975560935816, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44916, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7820979762504217, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44922, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7216490316609567, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44904, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7747396296208913, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44900, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44914, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7921735825556696, 
"2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44912, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6941403930190175, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44918, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7741551259482969, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44908, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313392605554522, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:41.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-09 20:17:41.896] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:41.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:41.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:44.802] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24987 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl?X-Amz-Date=20251209T121744Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=d21a43b631ca8472b3d1550b53a4f0d52ef9fa13727bae34e386eb45c97cfff6"} [2025-12-09 20:17:44.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:44.802] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:44.803] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:44.803] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:44.803] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:44.803] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:44.989] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282664803, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41508, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999987675667605, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:17:44.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:44.989] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:44.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:44.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:47.922] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24988 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T121747Z&X-Amz-SignedHeaders=host&X-Amz-Signature=5212aafc55e779f0ff40e016ac91416c652ebac37c5fae0516a4df0039215d36&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:17:47.922] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:47.922] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:47.922] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:47.922] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:47.922] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:47.923] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:48.108] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282667923, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41822, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999919931098776, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:17:48.108] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:48.109] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:48.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:48.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:51.045] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24989 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl?X-Amz-Date=20251209T121750Z&X-Amz-SignedHeaders=host&X-Amz-Signature=a8ccab9efc40b1fbf91b294172429306296c967a59fa347377fb6f4f1900f236&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:17:51.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:51.045] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:51.046] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:51.046] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:51.046] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:51.046] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:51.233] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282671046, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43324, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.999997832056583, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:17:51.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:17:51.233] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:51.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:51.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:17:54.160] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24240 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl?X-Amz-Date=20251209T121753Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=25748afd09d9d29e3357c5dab3a0bc1a59614b2b8afbcc379e39519fbeed1a32"} [2025-12-09 20:17:54.160] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:54.160] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:54.160] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:54.160] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:54.160] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:54.161] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:54.379] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 
12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765282674161, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53142, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8327380929202352, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53146, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8520693922460204, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7814608671479711, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53130, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7742272817050536, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53144, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8833097034151282, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53150, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8207331555503071, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.135", "dest_ip": "91.189.91.96", "protocol": 6, "src_port": 54536, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53148, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6466553657828094, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53140, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8968716698408362, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53128, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53138, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8361061171770977, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53132, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9364716586007662, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:54.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:17:54.379] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:54.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:54.379] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:17:57.293] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25335 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121756Z&X-Amz-Expires=604800&X-Amz-Signature=edbd3ecfa8289fc0dc7f491ce5eb0c1002e98e228faa040a471aba6306b34123&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:17:57.293] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:17:57.293] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:17:57.294] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:17:57.294] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:17:57.294] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:17:57.294] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:17:57.510] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765282677295, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52104, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5820294787660791, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 45842, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.592268158808573, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33074, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5467283177738326, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52090, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.809274256789188, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "protocol": 6, "src_port": 40916, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33044, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7244387815839199, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33056, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6308113658289384, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 45862, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8844120553728769, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52112, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7399493449817247, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33072, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6961407686164033, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45844, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8579854060527151, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:17:57.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:17:57.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:17:57.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:17:57.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:00.413] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24241 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121759Z&X-Amz-Expires=604800&X-Amz-Signature=c5f1c7f57d87fd2845b54bf69c194bc87a6069280f863e5e2d3125a8a6ae1a52"} [2025-12-09 20:18:00.413] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:00.413] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:00.414] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:00.414] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:00.414] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:00.414] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:00.636] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl|result:{"code": 1, "total_count": 11, "alert_count": 10, "abnormal_count": 10, "normal_count": 1, "timestamp": 1765282680414, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44688, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7281417241208992, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 44672, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7380767260451542, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44670, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44678, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5883169217082974, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44676, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8180514423474531, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44690, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8306985001593715, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44686, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6349527326831262, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44682, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.669473353317389, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44680, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8038337568942928, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44674, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5292865548688473, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:00.637] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 10|max_alert: 1000 [2025-12-09 20:18:00.637] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:00.637] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:00.637] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:03.542] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24242 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T121803Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9a192ef0adcda7076e43fed5932c882c5723c5bbdd9c48dd53c62d1bc5c96946&X-Amz-SignedHeaders=host"} [2025-12-09 20:18:03.542] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:03.542] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:03.542] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:03.542] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:03.542] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:03.543] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:03.758] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282683543, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41292, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:03.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:03.758] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:03.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:03.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:06.645] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24990 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121806Z&X-Amz-SignedHeaders=host&X-Amz-Signature=c89b061e78dfce086a8ddbbd0835c0e3020bf93c911c2182e7d7b3506ec56d21&X-Amz-Expires=604800"} [2025-12-09 20:18:06.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:06.645] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:06.645] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:06.645] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:06.645] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:06.646] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:06.829] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282686646, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41718, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:06.829] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:06.829] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:06.829] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:06.829] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:09.762] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24991 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5e5f662ee2d1f0efc79128208ee93b3d55d41100a841dbf66853b9f76b0ae8f5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121809Z"} [2025-12-09 20:18:09.762] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:09.762] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:09.762] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:09.762] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:09.762] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:09.763] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:09.948] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282689763, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62918, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999831835191105, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:18:09.948] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:09.948] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:09.948] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:09.948] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:12.879] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24243 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl?X-Amz-Signature=7941fc097fbc81e9fa29015b4ef6986d794d425f4d76573aa6ad7ede91b78000&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121812Z&X-Amz-Expires=604800"} [2025-12-09 20:18:12.879] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:12.879] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:12.880] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:13.091] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl|result:{"code": 1, "total_count": 10, "alert_count": 
8, "abnormal_count": 8, "normal_count": 2, "timestamp": 1765282692880, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44700, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44708, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8359322785511986, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44712, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7836784041256035, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44706, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7759759313861461, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44716, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8524267391018969, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44714, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6391600432398261, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44704, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7534169804090481, 
"2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44718, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7259855494185945, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:13.091] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 8|max_alert: 1000 [2025-12-09 20:18:13.091] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:13.091] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:13.091] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:16.003] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25336 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f9926e99135bc105589cc0c40ef225def028e86ff643bb6f8d7b4b75cb680504&X-Amz-Date=20251209T121815Z&X-Amz-Expires=604800"} [2025-12-09 20:18:16.003] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:16.003] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:16.003] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:16.003] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:16.003] [INFO] [tid:130855398528704] 
(AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:16.004] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:16.215] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl|result:{"code": 1, "total_count": 10, "alert_count": 10, "abnormal_count": 10, "normal_count": 0, "timestamp": 1765282696004, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44842, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6957495068889487, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44836, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44846, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6469662190462722, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44838, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5549799479091682, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44840, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7303939128023762, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 
6, "src_port": 44850, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6907793735712409, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44848, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8577944376622961, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44852, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7941063337160675, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44854, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8649753129761104, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44844, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8904617241740531, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:16.215] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 10|max_alert: 1000 [2025-12-09 20:18:16.215] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:16.215] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:16.215] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:19.128] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24244 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=d084aff4025da48fc34c39f7f55c91128ee28cb280a98d2535256ef68435d01f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121818Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:18:19.128] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:19.128] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:19.129] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:19.129] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:19.129] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:19.129] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:19.340] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl|result:{"code": 1, "total_count": 10, "alert_count": 7, "abnormal_count": 7, "normal_count": 3, "timestamp": 1765282699129, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36998, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.910731468640802, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 
6, "src_port": 54372, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.878562954767242, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 38764, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54358, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.49381248622124246, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54360, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5824559064294447, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 37014, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8351820553379743, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54386, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8545308495946718, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:19.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-09 20:18:19.340] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:19.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:18:19.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:22.241] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25337 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121821Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=657f6716ab53107bd40bda064b2393ed6515eb0eff22663ef6b25ec9c3d3ea77&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:18:22.241] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:22.241] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:22.241] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:22.241] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:22.241] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:22.242] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:22.425] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282702242, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62608, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:22.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:22.425] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:22.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:22.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:25.357] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24245 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4a7c1704e03a54229818da91b1013e85e32a93a3fb57eefe03826f0f71a816c4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121824Z"} [2025-12-09 20:18:25.357] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:25.357] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:25.357] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:25.357] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:25.357] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:25.358] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:25.544] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282705358, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62980, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999936808638287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:25.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:25.544] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:25.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:25.545] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:28.481] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24246 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl?X-Amz-Signature=a809712205318a1f834968ac1f06a386cb145d454d62c31613011d287ef44436&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121827Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:18:28.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:28.482] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:28.482] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:28.482] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:28.482] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:28.482] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:28.670] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282708482, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62113, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999761264915185, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:28.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:28.670] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:28.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:28.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:31.596] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24992 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=939f72dd8fa689a08119716e26535093bba9b626dd700ba62d71c0a41792ba0d&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121831Z"} [2025-12-09 20:18:31.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:31.596] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:31.596] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:31.596] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:31.596] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:31.597] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:31.784] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282711597, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50940, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999997286303893, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:31.784] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:31.784] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:31.784] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:31.784] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:34.714] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24993 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6ebe3098b772458f43882a2b9cade762a6ba24a9fc33fc184d33dfe256af3507&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121834Z&X-Amz-Expires=604800"} [2025-12-09 20:18:34.714] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:34.714] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:34.714] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:34.714] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:34.714] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:34.715] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:34.900] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282714715, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62935, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.99999987360216, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:18:34.900] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:34.900] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:34.900] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:34.900] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:37.838] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24994 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d5bbf3fc1cbb486c4f19ba2d76c926d950f6a43b26089d22e88f401e1296762e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T121837Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:18:37.838] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:37.838] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:37.838] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:37.838] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:37.838] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:37.838] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:38.059] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282717839, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63540, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999926552861899, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:38.059] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:38.059] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:38.059] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:38.059] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:40.952] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24995 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121840Z&X-Amz-Signature=0dd6282694c4585790da12f9a72cc40972cceac9cc4530483b56b0de82b75aee&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:18:40.952] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:40.952] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:40.952] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:40.952] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:40.952] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:40.953] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:41.139] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282720953, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63357, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:41.139] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:41.139] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:41.139] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:41.139] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:44.070] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24996 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121843Z&X-Amz-Signature=089585fb9b51160c092f127f1b8ca9c97d6b157521e088e8a335ce09a973d47c"} [2025-12-09 20:18:44.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:44.070] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:44.071] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:44.071] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:44.071] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:44.071] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:44.255] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282724071, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62813, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:44.255] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:44.255] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:44.255] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:44.255] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:47.180] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25338 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl?X-Amz-Date=20251209T121846Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f6a8affeb2e09aa4b54b3e1b789d67549e13a131ede3d6b831309de0150faabf"} [2025-12-09 20:18:47.180] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:47.180] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:47.180] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:47.180] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:47.180] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:47.181] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:47.364] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282727181, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61694, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:47.364] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:47.364] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:47.364] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:47.364] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:50.295] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24997 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl?X-Amz-Signature=3c724cd7800846d85da4ebbd37b6b8e75ce2bbd94dc08d68009846252c6da112&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121849Z"} [2025-12-09 20:18:50.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:50.295] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:50.295] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:50.295] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:50.295] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:50.296] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:50.479] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282730296, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50566, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:50.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:50.479] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:50.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:50.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:53.409] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25339 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121852Z&X-Amz-SignedHeaders=host&X-Amz-Signature=5b5aec3c9012dcd1f808498e1c79bd5bba612e41acc2e99205dd72bfaf6231b5"} [2025-12-09 20:18:53.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:53.409] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:53.410] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:53.410] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:53.410] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:53.410] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:53.596] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282733410, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62936, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999979901782339, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:18:53.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:53.596] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:53.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:53.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:18:56.515] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25340 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121856Z&X-Amz-Signature=c4e1a2fac240d2fc37a4a52338a87fc71740c078683e46719be309316483cf47&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:18:56.515] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:56.515] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:56.515] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:56.515] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:56.515] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:56.516] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:56.702] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282736516, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11102, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999995257547307, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:18:56.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:56.702] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:56.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:56.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:18:59.625] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25341 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl?X-Amz-Date=20251209T121859Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bbb9d38fe19b476f61a18ccb70dd371b5f7bea9e200b6c29b827558a89f22701"} [2025-12-09 20:18:59.626] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:18:59.626] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:18:59.626] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:18:59.626] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:18:59.626] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:18:59.626] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:18:59.810] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282739626, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62622, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:18:59.810] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:18:59.810] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:18:59.810] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:18:59.810] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:02.735] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25342 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121902Z&X-Amz-Signature=688dd0686375ceae48478089533dcfd1d7784b0e2ec71603d2bbf9e7b95b38a1&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:19:02.735] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:02.735] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:02.736] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:02.736] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:02.736] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:02.736] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:02.920] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282742736, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62621, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:02.920] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:02.920] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:02.920] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:02.920] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:19:05.848] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24247 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a39dae968f8713999f13b6a3ce781c08b68f5a8129e88efc4ead1a624d836f6a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121905Z"} [2025-12-09 20:19:05.848] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:05.848] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:05.848] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:05.848] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:05.848] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:05.849] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:06.038] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282745849, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62953, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999663492243163, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:19:06.038] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:06.038] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:06.038] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:06.038] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:08.965] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24248 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl?X-Amz-Signature=5136fec46c1f728f40b985923149d0b27741187082b19a9788818144144b0af4&X-Amz-Date=20251209T121908Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:19:08.965] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:08.965] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:08.965] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:08.965] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:08.965] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:08.966] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:09.151] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282748966, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50936, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999989074445264, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:09.151] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:09.151] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:09.151] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:09.152] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:19:12.091] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25343 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=35f8e65e2b38b6434c110c64c45739a7c144140273f7444ad1b72a35abd9f060&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T121911Z"} [2025-12-09 20:19:12.092] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:12.092] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:12.092] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:12.092] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:12.092] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:12.092] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:12.279] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282752092, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62976, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999884237372928, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:12.279] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:12.279] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:12.279] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:12.279] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:15.210] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25344 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121914Z&X-Amz-Signature=5cad6cb431f0d70c3aa2f54311d21f7c33e04006455a7bef012ed8ac0e303b85&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:19:15.210] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:15.210] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:15.210] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:15.210] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:15.210] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:15.211] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:15.430] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282755211, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11619, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.999998206014365, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:19:15.430] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:15.430] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:15.430] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:15.430] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:19:18.321] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25345 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T121917Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1cfe2082087d0b6c172fbf044377a36d9e1f0a5243cf5cd7f3115b70ee641a40&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:19:18.321] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:18.321] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:18.321] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:18.321] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:18.321] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:18.322] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:18.509] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282758322, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62111, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999983009325566, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:18.509] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:18.509] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:18.509] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:18.509] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:21.433] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25346 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121920Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=99ef81c2605210e51ce51e3e8037f53e297329941743a5cdee975aaa57ba6e39"} [2025-12-09 20:19:21.433] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:21.433] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:21.434] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:21.434] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:21.434] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:21.434] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:21.621] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282761434, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63537, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999969505773867, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:21.621] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:21.621] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:21.621] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:21.622] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:19:24.544] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24998 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl?X-Amz-Date=20251209T121924Z&X-Amz-Expires=604800&X-Amz-Signature=c57e0cc948bff57605a134dcc42764caee96b047f35f354255716eebad314e57&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:19:24.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:24.544] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:24.544] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:24.544] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:24.544] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:24.545] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:24.746] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl|result:{"code": 1, "total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765282764545, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51868, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.67716028710914, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", 
"protocol": 6, "src_port": 51871, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5734997034085443, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51864, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9406154167358071, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51862, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8621027184790087, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5080692700085622, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51867, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8704952835928917, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51870, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9153528874092203, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:19:24.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-09 20:19:24.746] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:24.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:19:24.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:27.665] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24249 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4f65d1edd567b068323d8e3d9d17961afaebe916504dbd6e6721aba70b999db3&X-Amz-Date=20251209T121927Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:19:27.665] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:27.665] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:27.665] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:27.665] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:27.665] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:27.666] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:27.866] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl|result:{"code": 1, "total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765282767666, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51108, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8392515804044033, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51109, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7797161693223945, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51111, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.916775698659375, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51112, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5651993738764558, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51114, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9777326623147766, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51115, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6497119181245019, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51106, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.715040822249808, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:19:27.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-09 20:19:27.866] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:27.866] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:27.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:30.774] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24250 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl?X-Amz-Date=20251209T121930Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=836fcd8389f2abe2b2ef3100b1579052ac32d5d7bf3284227fb128b64162cfc0&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:19:30.774] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:30.774] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:30.774] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:30.774] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:30.774] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:30.774] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:30.975] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl|result:{"code": 1, "total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765282770774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51224, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 
0.8517472665546844, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51225, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6130112177499187, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51218, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8795958530980557, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51221, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9473445349389896, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51222, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8209179403780051, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51219, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.675247694982502, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51216, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.84095193599556, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:19:30.975] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-09 20:19:30.976] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:30.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:30.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:33.896] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25347 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121933Z&X-Amz-Signature=c53327bc9feebff09825bdd1b13937acd4d7460827873f0cffa58e065ec41988"} [2025-12-09 20:19:33.897] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:33.897] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:33.897] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:33.897] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:33.897] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:33.897] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:34.098] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl|result:{"code": 1, "total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765282773897, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", 
"protocol": 6, "src_port": 51762, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.865003353805995, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51771, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9958367333381308, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51764, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9325163085458639, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51767, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9438503413518589, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51768, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.914844091541431, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51765, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9918547827309265, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51770, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7144807820989244, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:19:34.098] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 
[2025-12-09 20:19:34.098] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:34.098] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:34.098] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:37.009] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25348 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl?X-Amz-Signature=75bdeac71ebaa7ddc33af656aaeb154753292d31295e6e3db493f8bff3f83476&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121936Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:19:37.009] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:37.009] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:37.010] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:37.010] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:37.010] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:37.010] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:37.194] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, 
"normal_count": 0, "timestamp": 1765282777010, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50563, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:37.194] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:37.194] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:37.194] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:37.194] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:40.112] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24251 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl?X-Amz-Signature=766c80dd28dfed80425131f835d15284318b736ff2e483c0335b346885d3388a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T121939Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:19:40.112] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:40.112] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:40.112] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:40.112] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function 
load [2025-12-09 20:19:40.112] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:40.113] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:40.297] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282780113, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62811, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:40.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:40.297] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:40.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:40.297] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:19:43.235] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24252 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl?X-Amz-Signature=f34a98d19f09cfac8f11fb3d01ea1a7014a882496c992e147c5f298baba7d724&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T121942Z&X-Amz-Expires=604800"} [2025-12-09 20:19:43.235] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:43.235] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:43.235] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:43.235] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:43.235] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:43.236] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:43.419] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282783236, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63355, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:43.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:43.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:43.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:43.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:46.347] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 24999 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cb54961d6662568572db8068899a3e3adb707df63e77105ffc1a3b68762febd2&X-Amz-Date=20251209T121945Z"} [2025-12-09 20:19:46.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:46.347] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:46.348] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:46.348] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:46.348] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:46.348] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:46.566] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282786348, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61690, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:19:46.566] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:46.566] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:46.566] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:46.566] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:19:49.461] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24253 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121948Z&X-Amz-Signature=8aa0861c069f84dab62c0806c4e07409fff4652cdba8ddc5335dd17c25e24de5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:19:49.461] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:49.461] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:49.461] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:49.461] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:49.461] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:49.462] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:49.648] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282789462, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62740, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9998478752076382, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:19:49.648] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:49.648] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:49.648] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:49.648] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:52.577] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25349 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl?X-Amz-Signature=513d628e785e9d47e92b3c2ad0e0c7b0b0860514840a57f5c969002ccdc4ca41&X-Amz-Date=20251209T121952Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:19:52.578] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:52.578] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:52.578] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:52.578] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:52.578] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:52.578] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:52.764] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282792578, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 25209, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999966233687475, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:19:52.764] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:52.764] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:52.764] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:52.764] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:19:55.697] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25350 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T121955Z&X-Amz-Signature=9d5e7a1f703a68e85608c4657b7b53b63c3be011d270292aa80130a62326c1d3"} [2025-12-09 20:19:55.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:55.697] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:55.697] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:55.697] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:55.697] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:55.698] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:55.885] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282795698, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43323, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.99999845215055, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:19:55.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:55.885] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:55.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:55.885] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:19:58.819] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25000 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T121958Z&X-Amz-Signature=19aa7c73835b5c1ab22fdd1736a49da6310643bef3e8300483b9b64a862383a9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:19:58.819] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:19:58.819] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:19:58.819] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:19:58.819] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:19:58.819] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:19:58.820] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:19:59.006] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282798820, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11098, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999901824318602, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:19:59.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:19:59.006] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:19:59.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:19:59.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:01.935] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24254 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=be4d6bba6fd82d4437130b69d33495b4419b6ad476b2bbe9b44f972b3fe6dc1d&X-Amz-Date=20251209T122001Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:20:01.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:01.935] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:01.935] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:01.935] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:01.935] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:01.936] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:02.120] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282801936, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62395, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:02.120] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:02.120] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:02.120] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:02.120] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:05.050] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24255 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=224ad7ff89c91811cd9dcc6073ee4eb188dc499677c2ccda911ceed50dbc21f6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122004Z"} [2025-12-09 20:20:05.050] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:05.050] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:05.050] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:05.050] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:05.050] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:05.050] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:05.236] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282805051, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53296, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999996543225842, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:05.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:05.236] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:05.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:05.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:08.168] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25351 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9d5b0548ba9bb1038669bc0921b998796d678668751c89804d76db60e82f678e&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122007Z"} [2025-12-09 20:20:08.168] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:08.168] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:08.168] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:08.168] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:08.168] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:08.169] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:08.353] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282808169, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62482, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:08.353] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:08.353] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:08.353] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:08.353] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:11.285] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25001 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122010Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=7cefd3c9c329685df0410d23bb2350c4099824dad2281576b8a0aba042ef65b2"} [2025-12-09 20:20:11.285] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:11.285] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:11.285] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:11.285] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:11.285] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:11.286] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:11.473] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282811286, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62436, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:11.473] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:11.473] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:11.473] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:11.473] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:14.399] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24256 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122013Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2351fcbae7fd7aada78acaf93bda2b7c54206f673de789d218ea4fa3d574ebb7&X-Amz-Expires=604800"} [2025-12-09 20:20:14.399] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:14.399] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:14.399] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:14.399] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:14.399] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:14.400] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:14.583] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282814400, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62453, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:14.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:14.583] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:14.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:14.583] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:17.516] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25002 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T122017Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bb5f9eb87d99a222042427c6ff9246464ca39819a262877d1b6a3899f1f216b7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:20:17.516] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:17.516] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:17.517] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:17.517] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:17.517] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:17.518] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:17.702] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282817518, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62447, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:17.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:17.702] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:17.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:17.702] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:20.628] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25352 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122020Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6b0710b34f8f4f1d6a8e534a92608e488605c23f444860b8c1ce5c653fd2272e"} [2025-12-09 20:20:20.628] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:20.628] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:20.628] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:20.628] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:20.628] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:20.629] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:20.847] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282820629, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 58000, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:20:20.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:20.847] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:20.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:20.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:23.746] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25003 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T122023Z&X-Amz-SignedHeaders=host&X-Amz-Signature=d0b07a5e333bd60bc3ac18dd53fbb65fa2334ba3002f761d9b4cdd729a83e6f3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:20:23.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:23.746] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:23.746] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:23.746] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:23.746] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:23.747] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:23.935] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282823748, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62986, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999966907052797, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:23.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:23.935] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:23.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:23.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:26.862] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25353 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl?X-Amz-Date=20251209T122026Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f083924f581717977c2e6d88b11fb2984efc69aa14541bb9b94b4a9b6075b56d&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:20:26.863] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:26.863] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:26.863] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:26.863] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:26.863] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:26.864] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:27.051] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282826864, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62121, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999986040521287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:27.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:27.051] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:27.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:27.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:29.980] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24257 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl?X-Amz-Signature=5c99fc3e7a10d1e26596a1e08534d3858190bc7f9359cbf6e8510cdd7ac731be&X-Amz-Date=20251209T122029Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:20:29.980] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:29.980] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:29.980] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:29.980] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:29.980] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:29.981] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:30.169] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282829981, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50946, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999984354851469, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:30.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:30.169] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:30.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:30.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:33.102] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24258 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl?X-Amz-Expires=604800&X-Amz-Signature=a24ff3d6b2a1e27e779c5bc49ade90b2efc6705fa1939edfe9cef7ce7f56fe2d&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122032Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:20:33.102] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:33.102] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:33.102] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:33.102] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:33.102] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:33.103] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:33.291] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282833103, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51146, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:33.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:33.291] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:33.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:33.291] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:36.216] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25354 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122035Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a8cbb7039020f27422534a640d5c0e37180eabfb9988dfff25d63f9500b2a6d9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:20:36.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:36.217] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:36.217] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:36.217] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:36.217] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:36.217] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:36.401] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282836217, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51804, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:36.401] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:36.401] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:36.401] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:36.401] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:39.331] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25355 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122038Z&X-Amz-Expires=604800&X-Amz-Signature=ee0e3d5f841092d7ddbf43d9cd076a6ae1c02574cdae07e63f3dfa1e6803aa2d&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:20:39.331] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:39.331] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:39.331] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:39.331] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:39.332] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:39.332] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:39.526] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282839333, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51901, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:39.526] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:39.526] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:39.526] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:39.526] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:42.451] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25004 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl?X-Amz-Signature=e30036c8ba11a6c87ccd66efbf5309e7bdb37cc9325446c4f097b775a98768d6&X-Amz-Date=20251209T122041Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:20:42.451] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:42.451] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:42.451] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:42.452] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:42.452] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:42.452] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:42.636] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282842452, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51264, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:42.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:42.636] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:42.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:42.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:45.568] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25356 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e219219cd1bbec18c07d1e3c11160be28b95d97a1944b3ef6edc7836c24aadf6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122045Z"} [2025-12-09 20:20:45.568] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:45.568] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:45.568] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:45.568] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:45.568] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:45.569] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:45.756] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282845569, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43405, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999907105433089, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:45.756] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:45.756] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:45.756] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:45.756] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:48.684] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24259 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=44985a0c360fc4edc0d83574fc2abfdc0e07a550e77b2f0f6cdf420f896cdef9&X-Amz-Expires=604800&X-Amz-Date=20251209T122048Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:20:48.684] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:48.684] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:48.684] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:48.684] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:48.684] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:48.685] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:48.871] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282848685, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43325, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999997790801334, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:20:48.871] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:48.871] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:48.871] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:48.871] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:51.803] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25005 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122051Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2c32486e412401824c260fb93ab6a5f364588cdf69bc17e32dd58fb7dd02e871&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:20:51.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:51.803] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:51.803] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:51.803] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:51.803] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:51.804] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:51.990] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282851804, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43404, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.999950120118117, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:51.990] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:51.990] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:51.990] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:51.990] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:20:54.930] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24260 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7abf03bf7ac1838638ae30ac6c5220cabcdbbac16fbb2b99337459fd994118e0&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122054Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:20:54.930] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:54.930] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:54.930] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:54.930] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:54.930] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:54.931] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:55.153] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282854931, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63545, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999915605102992, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:55.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:55.153] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:55.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:55.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:20:58.044] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25357 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl?X-Amz-Date=20251209T122057Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e765d23b5ab25fcd38c69034e6220389f2dd24883fc3e78f75a8090f5ada3b7d&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:20:58.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:20:58.044] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:20:58.044] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:20:58.044] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:20:58.044] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:20:58.045] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:20:58.227] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282858045, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.0.3", "dest_ip": "192.168.0.202", "protocol": 6, "src_port": 62462, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:20:58.227] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:20:58.227] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:20:58.227] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:20:58.227] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:01.164] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25006 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=43b6e48adda950bc148d331132f557f60125b2030651320cb901b523e4465a13&X-Amz-Date=20251209T122100Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:21:01.164] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:01.164] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:01.164] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:01.164] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:01.164] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:01.165] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:01.351] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282861165, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43406, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999835855763487, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:01.351] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:01.351] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:01.351] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:01.351] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:04.282] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25007 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122103Z&X-Amz-Signature=f82a5e0bd8ae15cd19170a3762c2fb7b2b8246b9fc9780a4817b39724b245992&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:21:04.282] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:04.282] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:04.282] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:04.282] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:04.282] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:04.283] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:04.482] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282864283, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50930, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999949518150368, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:04.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:04.482] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:04.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:04.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:07.393] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25358 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122106Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d620cc4e95435c289f564778dbb1459ca10e8efcc24760001892443a1962e9e2&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:21:07.394] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:07.394] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:07.394] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:07.394] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:07.394] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:07.395] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:07.580] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282867395, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43403, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999741843451192, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:07.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:07.580] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:07.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:07.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:10.513] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24261 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=921878673a79c4856b26f09969ad38048af85cac33e76507805e35b415dde8a1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122110Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:21:10.513] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:10.513] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:10.513] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:10.513] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:10.513] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:10.514] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:10.701] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282870514, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62106, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999991431974602, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:10.701] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:10.701] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:10.701] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:10.701] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:13.625] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25359 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122113Z&X-Amz-Signature=781d32f14b7f5341cf6ee0ee420335939e3d202975ef4ed8635cb3876ae38911&X-Amz-Expires=604800"} [2025-12-09 20:21:13.625] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:13.625] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:13.625] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:13.625] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:13.625] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:13.626] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:13.811] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282873626, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43401, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999619129712799, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:13.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:13.811] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:13.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:13.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:16.750] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24262 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=697e0115ef4aa2f1659ec7a8deaffdbdb8be858df3c4197ec7d32c1703801a06&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122116Z"} [2025-12-09 20:21:16.751] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:16.751] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:16.751] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:16.751] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:16.751] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:16.751] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:16.938] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282876751, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62972, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999995521065269, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:16.938] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:16.938] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:16.938] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:16.938] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:19.856] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24263 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl?X-Amz-Date=20251209T122119Z&X-Amz-Expires=604800&X-Amz-Signature=2baf9f9a40e522a3d466af60e793e3af34a51bcf3829665369a0ed91a46c8482&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:21:19.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:19.856] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:19.857] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:19.857] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:19.857] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:19.857] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:20.044] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282879857, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999993572865448, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:20.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:20.044] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:20.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:20.044] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:22.975] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24264 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=8fd3604b21625f404b4187a738d4d58ce030130980718bc5daf3f36081bd41a3&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122122Z"} [2025-12-09 20:21:22.975] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:22.975] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:22.976] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:22.976] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:22.976] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:22.976] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:23.163] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282882976, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62102, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999990589860412, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:23.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:23.163] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:23.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:23.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:26.095] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25360 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=da6331c3e6497c44b91aa07d579dc3c7a84745047dc2a5c7f98c60a9c34d4405&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T122125Z"} [2025-12-09 20:21:26.095] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:26.095] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:26.095] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:26.095] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:26.095] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:26.095] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:26.281] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282886095, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43318, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9998460020677333, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:21:26.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:26.281] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:26.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:26.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:29.200] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25361 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122128Z&X-Amz-Signature=31ac8f6d447197aa8186623b4b1d381d177534dffde221200c5857a5ac89e2de"} [2025-12-09 20:21:29.200] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:29.200] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:29.200] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:29.200] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:29.200] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:29.201] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:29.389] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282889201, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50926, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999998095689725, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:29.389] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:29.389] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:29.389] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:29.389] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:32.311] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24265 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6fd61d760936fceba8dca4e18a760e323b22d8ea9fdade816eca36cf9018638f&X-Amz-Date=20251209T122131Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:21:32.311] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:32.311] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:32.312] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:32.312] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:32.312] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:32.312] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:32.496] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282892312, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61701, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:32.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:32.496] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:32.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:32.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:35.424] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24266 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl?X-Amz-Date=20251209T122134Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ff0549f6211ef0ba1c08df15948bc5eaf2df676801e586618dabd072a3f7985d"} [2025-12-09 20:21:35.424] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:35.424] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:35.425] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:35.425] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:35.425] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:35.425] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:35.611] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282895425, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43322, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9985696145136909, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:21:35.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:35.611] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:35.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:35.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:38.544] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25008 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl?X-Amz-Date=20251209T122138Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=dc3c32514d801dbbf6feb182f8404b1efcbc84a153236e5c7e41bb4fae3eddba"} [2025-12-09 20:21:38.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:38.544] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:38.544] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:38.544] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:38.544] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:38.545] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:38.729] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282898545, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63363, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:38.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:38.729] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:38.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:38.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:41.660] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25009 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122141Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=95af2ef850130ed876ec4afc50069c4dad258f8d40fb2700395edb7ec8be096d"} [2025-12-09 20:21:41.660] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:41.660] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:41.660] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:41.660] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:41.660] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:41.661] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:41.848] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282901661, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50577, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:41.848] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:41.848] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:41.848] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:41.848] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:44.775] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25362 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122144Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=d07bd86ad8458cf0359ab0d8e7dd94fb32ffd73eaac5705ab4c7869e0daec7e4"} [2025-12-09 20:21:44.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:44.775] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:44.775] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:44.775] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:44.775] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:44.776] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:44.999] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282904776, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999991931545127, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:44.999] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:44.999] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:44.999] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:44.999] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:47.894] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25010 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122147Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8b72d0ca7643f14508b4193ea00c815fbc932f51d4f05fbb1f43364d84e12e67&X-Amz-SignedHeaders=host"} [2025-12-09 20:21:47.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:47.894] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:47.894] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:47.894] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:47.894] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:47.894] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:48.077] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282907894, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62820, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:48.077] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:48.077] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:48.077] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:48.077] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:51.007] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24267 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl?X-Amz-Signature=d6796d50f0e3777e10353a4c52eed76504b0335dbf06b809d3548be426208ec2&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T122150Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:21:51.007] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:51.007] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:51.007] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:51.007] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:51.008] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:51.008] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:51.192] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282911008, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43087, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:51.192] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:51.192] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:51.192] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:51.192] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:21:54.113] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25363 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl?X-Amz-Date=20251209T122153Z&X-Amz-Expires=604800&X-Amz-Signature=0e730d6c7f228152ae73d228df96d79b6db15fe0231c4a00e8203989abcfc7bb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:21:54.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:54.113] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:54.113] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:54.113] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:54.113] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:54.114] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:54.302] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282914114, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62117, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999999272528492, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:54.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:54.302] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:54.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:54.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:21:57.217] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25011 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl?X-Amz-Signature=17e0d713f49c8cf7f15c0780e027830ad5fea9ff9baf4f4d20b5c4018722d7a3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122156Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:21:57.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:21:57.217] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:21:57.218] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:21:57.218] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:21:57.218] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:21:57.218] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:21:57.406] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282917218, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50943, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999993068317785, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:21:57.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:21:57.406] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:21:57.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:21:57.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:00.339] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25012 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122159Z&X-Amz-Signature=c34f332c0cd9b758b4894fe9b068ef8191e2caeb0f4074481037aa4f8071b557&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:22:00.339] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:00.339] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:00.339] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:00.339] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:00.339] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:00.340] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:00.527] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282920340, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11104, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999932089351036, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:22:00.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:00.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:00.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:00.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:03.446] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25364 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122202Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=9e6cf77fb0ea2894c82db6a3cecf8c54fc6c7e60b41aff11f835a6cfeb0a65f3&X-Amz-SignedHeaders=host"} [2025-12-09 20:22:03.446] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:03.446] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:03.447] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:03.447] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:03.447] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:03.447] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:03.634] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282923447, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41527, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999988532992616, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:22:03.634] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:03.634] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:03.634] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:03.634] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:06.569] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25365 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=7747ad804130b74fa11003109294497e5ff394fd8ad6a4fea873f21a6eaa8329&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122206Z"} [2025-12-09 20:22:06.569] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:06.569] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:06.569] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:06.569] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:06.569] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:06.570] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:06.757] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282926570, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63525, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999982205400834, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:06.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:06.757] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:06.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:06.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:09.689] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24268 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b7d4216ba810f37f0bf9b131479cec6c056b4ecce4b6600c2a4c921eebb8306c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122209Z"} [2025-12-09 20:22:09.689] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:09.689] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:09.690] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:09.690] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:09.690] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:09.690] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:09.878] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282929690, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62968, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999994164457416, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:09.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:09.878] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:09.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:09.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:12.811] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25013 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=e5d6caf029adb5117a15bafff5417b105dc56848cc394a15bfbdab96079444b2&X-Amz-Date=20251209T122212Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:22:12.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:12.811] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:12.811] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:12.812] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:12.812] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:12.812] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:13.001] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282932813, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50920, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999998116072133, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:13.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:13.001] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:13.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:13.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:15.922] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25014 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c768898b36d52e14b823b5409ab7c73158eeeec29c951e56d1510ef14cedc2f3&X-Amz-Date=20251209T122215Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:22:15.922] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:15.922] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:15.922] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:15.922] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:15.923] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:15.923] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:16.113] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282935924, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62099, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999990782895907, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:16.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:16.113] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:16.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:16.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:19.043] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25366 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122218Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4e6ac709ba6b320a548c91e9f943a16ce22f676f81d62f8f832424a4acc86847"} [2025-12-09 20:22:19.043] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:19.043] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:19.044] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:19.044] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:19.044] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:19.044] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:19.266] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282939044, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41851, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999556955778931, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:22:19.266] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:19.266] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:19.266] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:19.266] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:22.161] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25015 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl?X-Amz-Date=20251209T122221Z&X-Amz-SignedHeaders=host&X-Amz-Signature=45ce6c5d629899d605209cc523714bcc5a197fa8a84fab88b99b13613929aed9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:22:22.161] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:22.161] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:22.162] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:22.162] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:22.162] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:22.162] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:22.348] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282942162, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40759, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999764077095253, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:22.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:22.348] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:22.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:22.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:25.285] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25016 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl?X-Amz-Date=20251209T122224Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6e1faa350bbce1d3f857bb2f2b4b376cf2e1d248572d3dd87d3f3afa80a4924b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:22:25.285] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:25.285] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:25.285] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:25.285] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:25.285] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:25.286] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:25.472] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282945286, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11105, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999984875048314, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:22:25.472] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:25.472] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:25.472] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:25.472] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:28.389] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24269 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl?X-Amz-Date=20251209T122227Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d5b659941d33c7bae0a9aa35a04699511dfbdc7281d7f92b8ae491018e20db66"} [2025-12-09 20:22:28.389] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:28.389] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:28.389] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:28.389] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:28.389] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:28.390] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:28.576] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282948390, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40638, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999861625471376, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:28.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:28.576] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:28.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:28.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:31.491] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25017 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e6b2cc583788bb10fa679f3e910c56ec52c5520a8845ac95c29d0ccd9442b3e5&X-Amz-Date=20251209T122230Z"} [2025-12-09 20:22:31.491] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:31.491] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:31.492] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:31.492] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:31.492] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:31.492] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:31.676] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282951492, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43069, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:31.676] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:31.676] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:31.676] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:31.676] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:34.594] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25367 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl?X-Amz-Date=20251209T122234Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=de9f65f40856d5179e1fdef61e0657da9afae16e02dbd1664bcb39bab15d1de3"} [2025-12-09 20:22:34.594] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:34.594] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:34.594] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:34.594] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:34.594] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:34.595] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:34.779] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282954595, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43064, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:34.779] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:34.779] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:34.779] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:34.779] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:37.705] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25368 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=01cafd5c1685c555d82d6b09bae400943be3486eb5d5c33b89108f0e8782c665&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122237Z"} [2025-12-09 20:22:37.705] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:37.705] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:37.705] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:37.705] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:37.705] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:37.706] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:37.890] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282957706, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43068, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:37.890] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:37.890] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:37.890] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:37.890] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:40.806] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25369 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5daefb359b34c9f428bcd7bef35253b564f62a1b219de06796143e0e94b86871&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122240Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:22:40.806] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:40.806] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:40.806] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:40.806] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:40.806] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:40.807] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:40.993] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282960807, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43067, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:40.993] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:40.993] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:40.993] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:40.993] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:43.918] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25018 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f432156474261507534e671a81c804a2aa0c2fa075bdc7371ed404861aadd50c&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122243Z"} [2025-12-09 20:22:43.918] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:43.918] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:43.918] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:43.918] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:43.919] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:43.919] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:44.103] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282963919, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43062, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:44.103] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:44.103] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:44.103] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:44.103] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:47.036] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25370 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl?X-Amz-Date=20251209T122246Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=eb9d6773f03c0c71ae2281f8f5feaacbcea7a5a22d3ca92e7e828caff038a6b2&X-Amz-SignedHeaders=host"} [2025-12-09 20:22:47.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:47.036] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:47.037] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:47.037] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:47.037] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:47.037] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:47.219] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282967037, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62923, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999986556426316, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:22:47.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:47.219] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:47.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:47.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:50.151] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25019 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl?X-Amz-Signature=2d628bf0ef93448a1df1e57290ad164dd396f1714633ded70aa20271f799e32a&X-Amz-Date=20251209T122249Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:22:50.151] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:50.151] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:50.151] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:50.151] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:50.151] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:50.151] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:50.347] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282970152, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62948, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999846195871893, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:22:50.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:50.347] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:50.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:50.347] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:53.265] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25371 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=02bda5960527c6ec3bf06bf58b024928dfceca69580bc574c8d02649fe52a7c9&X-Amz-Date=20251209T122252Z"} [2025-12-09 20:22:53.265] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:53.265] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:53.265] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:53.265] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:53.265] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:53.265] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:53.479] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282973265, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43393, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999850712661191, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:22:53.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:53.479] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:53.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:53.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:22:56.368] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24270 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl?X-Amz-Date=20251209T122255Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d8125e6f31f321b226a1dbc5abd5742dfa4d9829ab493d9959036d9a0008aa9f&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:22:56.369] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:56.369] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:56.369] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:56.369] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:56.369] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:56.369] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:56.554] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282976369, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11103, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.999990324565601, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:22:56.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:56.554] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:56.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:56.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:22:59.488] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25372 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122258Z&X-Amz-Expires=604800&X-Amz-Signature=36d4116e933f062c2656fa9b2d7a75bd07157113fa2963cc982fad50f8d4b8c8&X-Amz-SignedHeaders=host"} [2025-12-09 20:22:59.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:22:59.488] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:22:59.489] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:22:59.489] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:22:59.489] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:22:59.489] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:22:59.675] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282979489, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 36032, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9994291672420103, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:22:59.675] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:22:59.675] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:22:59.675] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:22:59.675] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:02.607] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25373 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl?X-Amz-Signature=019c1fad9e9a6b1f3c0d1c50a37057758ec512b89b4fe046061fbc8d7438ab81&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T122302Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:23:02.607] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:02.607] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:02.608] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:02.608] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:02.608] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:02.608] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:02.802] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282982608, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40754, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999508405127174, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:23:02.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:02.802] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:02.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:02.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:05.721] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25020 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122305Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=71dce9bb946d0a1c337928ae7faa928c9e7ae90304543ddd00f2136ab5dcbc95"} [2025-12-09 20:23:05.721] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:05.721] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:05.721] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:05.721] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:05.721] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:05.722] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:05.907] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282985722, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43400, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.999986714697859, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:05.907] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:05.907] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:05.907] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:05.907] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:08.842] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25374 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122308Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=74865adbf4318a8f6fc2e39cb0a221e5a14a10e5bb413b541910f07037af6279"} [2025-12-09 20:23:08.843] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:08.843] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:08.843] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:08.843] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:08.843] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:08.844] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:09.032] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282988844, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43402, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999884025457922, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:09.032] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:09.032] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:09.032] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:09.032] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:11.960] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25021 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=6f4b6fa3f1e264b277d2f1dbd139003f3490c817ea7530f5e485765788b28428&X-Amz-Date=20251209T122311Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:23:11.961] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:11.961] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:11.961] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:11.961] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:11.961] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:11.961] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:12.147] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282991961, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40732, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999956356287028, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:12.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:12.147] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:12.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:12.147] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:15.067] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25375 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122314Z&X-Amz-Expires=604800&X-Amz-Signature=60325cbf94bdf7175628eba57eed8e04ed352433f46b6928c6b476f3c1abd2a1"} [2025-12-09 20:23:15.067] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:15.067] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:15.068] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:15.068] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:15.068] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:15.068] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:15.254] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282995068, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40747, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999818846354278, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:23:15.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:15.254] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:15.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:15.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:18.185] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24271 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl?X-Amz-Signature=bf9b40f166d2e18c43898531c51f80096f8fda907ad33946ac462231bd0eb380&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122317Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:23:18.185] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:18.185] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:18.185] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:18.185] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:18.185] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:18.186] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:18.373] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765282998187, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62962, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.972594550524513, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:23:18.373] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:18.373] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:18.373] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:18.373] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:21.294] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25022 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=19357809fb5ade74a19dd8a35ec0cca2476edd8f3c8bfae35ed70ad98ec83141&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122320Z"} [2025-12-09 20:23:21.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:21.295] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:21.295] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:21.295] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:21.295] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:21.295] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:21.482] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283001295, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40756, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.999993115660779, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:23:21.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:21.482] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:21.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:21.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:24.411] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25023 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122323Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=9bcdcc5a85e9b90eb8bc77fad5e4abb4c3c8f3a3e486d480a9c40c34abe87551"} [2025-12-09 20:23:24.412] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:24.412] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:24.412] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:24.412] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:24.412] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:24.413] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:24.598] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283004413, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40633, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999895142193123, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:24.598] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:24.598] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:24.598] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:24.598] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:27.535] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24272 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122327Z&X-Amz-Signature=b16c1609b31605704f028a794238caf6e51a5c9831916e60a9cdd358d68c4097&X-Amz-Expires=604800"} [2025-12-09 20:23:27.536] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:27.536] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:27.536] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:27.536] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:27.536] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:27.537] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:27.721] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283007537, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50447, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9948477535374655, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:23:27.721] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:27.721] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:27.721] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:27.721] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:30.653] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25376 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122330Z&X-Amz-Signature=d0aa81ea1ecaaa28a3e521bd0f8a585539a2cdca830a5c2eb0bde6a356ec5e21&X-Amz-SignedHeaders=host"} [2025-12-09 20:23:30.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:30.654] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:30.654] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:30.654] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:30.654] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:30.654] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:30.839] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283010654, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40634, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999888677809735, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:30.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:30.839] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:30.839] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:30.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:33.772] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25377 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d06955771f7646e46bf5e68472d1409ba0d4a50ba895194a0dac07b27b09cf22&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122333Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:23:33.772] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:33.772] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:33.773] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:33.773] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:33.773] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:33.774] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:33.959] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283013774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40632, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999869549610207, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:23:33.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:33.959] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:33.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:33.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:36.885] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24273 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl?X-Amz-Date=20251209T122336Z&X-Amz-Signature=d004210e789aa044daf88fc1ade17af83eaf84d3d6a6bbaeef940029ce28cc8a&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:23:36.886] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:36.886] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:36.886] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:36.886] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:36.886] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:36.886] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:37.070] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283016886, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40636, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999585619910507, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:37.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:37.070] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:37.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:37.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:39.996] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25378 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl?X-Amz-Date=20251209T122339Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5607ce8b4d7337d3ebd8ad124a3f482fb85bb107a1ed0235ce1f9d3a1be56bd8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:23:39.996] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:39.996] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:39.996] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:39.997] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:39.997] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:39.997] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:40.181] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283019997, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62615, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:40.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:40.181] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:40.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:40.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:43.117] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25024 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d4e781986f1e7a1b571dbc0edf65f7f8b286e0072a20a892fb2537406e4ecbb2&X-Amz-Date=20251209T122342Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:23:43.117] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:43.117] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:43.117] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:43.117] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:43.117] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:43.118] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:43.301] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283023118, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62612, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:43.301] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:43.301] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:43.301] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:43.301] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:46.229] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25025 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=921cd25215d0f5657578d6e4e452b2121e61f5d53c68409b73ad7620883fcd5e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122345Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:23:46.229] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:46.229] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:46.230] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:46.230] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:46.230] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:46.231] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:46.414] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283026231, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62633, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:46.414] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:46.414] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:46.414] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:46.414] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:49.334] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25379 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl?X-Amz-Date=20251209T122348Z&X-Amz-Signature=6bd2c647f233509f923694f8922e2853a516e469a949b03d18392be84f6bcb26&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:23:49.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:49.334] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:49.334] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:49.334] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:49.334] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:49.335] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:49.555] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283029335, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55620, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998739421451495, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:49.555] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:49.555] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:49.555] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:49.555] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:52.447] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25380 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=0a6e8d1bbb53324778fe5ecfc6bbcb236c3289f3f4e3958c99b3c8f1eba036c9&X-Amz-Date=20251209T122351Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:23:52.447] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:52.447] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:52.447] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:52.447] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:52.447] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:52.447] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:52.635] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283032447, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63532, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999883040487229, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:52.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:52.635] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:52.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:52.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:23:55.551] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24274 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=6b29b0bbe3d51b9166d0889dca9c6e8d6c411748a8e0699696cb94a006fc4253&X-Amz-Date=20251209T122355Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:23:55.552] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:55.552] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:55.552] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:55.552] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:55.552] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:55.552] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:55.740] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283035552, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63530, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999972860478558, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:55.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:55.740] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:55.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:55.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:23:58.662] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24275 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122358Z&X-Amz-Signature=7a467ba7db6f5fbc22ca9907d7d0dfb220965af642cafd09bcc73542954937bc&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:23:58.662] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:23:58.662] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:23:58.663] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:23:58.663] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:23:58.663] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:23:58.664] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:23:58.844] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283038664, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62638, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:23:58.844] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:23:58.844] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:23:58.844] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:23:58.844] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:01.782] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25026 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T122401Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=7dc80f470dea86ed692439d1fd149cdfb5f94352c8f988006e571ff9221cd7d7"} [2025-12-09 20:24:01.782] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:01.782] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:01.782] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:01.782] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:01.782] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:01.783] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:01.968] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283041783, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40630, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999890158327207, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:01.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:01.968] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:01.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:01.968] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:04.898] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25381 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl?X-Amz-Date=20251209T122404Z&X-Amz-Signature=88aab3648624ed7ce77fe37dd7a71910bf4d14c4f2da1413c6843acb443e1b73&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:24:04.898] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:04.898] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:04.898] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:04.898] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:04.898] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:04.899] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:05.084] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283044899, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62747, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9997218385332213, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:05.084] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:05.084] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:05.084] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:05.084] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:08.010] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25382 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122407Z&X-Amz-Signature=9034dc71ef02aa3ec20f580cbce1360c664999c5c9fb897a9a2ed4058095beaa&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:24:08.010] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:08.010] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:08.010] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:08.010] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:08.010] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:08.011] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:08.196] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283048011, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62761, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999815986379271, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:08.196] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:08.196] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:08.196] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:08.196] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:11.123] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25383 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=bfbd5e71255eb96fc39d3e5f0bf2a8e8c74492ab930fa62db5b4e156efe79777&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T122410Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:24:11.123] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:11.123] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:11.123] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:11.123] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:11.123] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:11.123] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:11.309] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283051124, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62763, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999430013258271, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:11.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:11.309] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:11.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:11.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:14.246] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25027 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122413Z&X-Amz-Expires=604800&X-Amz-Signature=ee120443b8d21b3ef89ad967a03b5c333e3f82bda21041472fc773fb6e2ba16a"} [2025-12-09 20:24:14.246] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:14.246] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:14.437] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283054247, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62769, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999401061706084, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:14.437] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:14.437] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:14.437] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:14.437] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:17.359] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25384 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122416Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a0c30895145df1c8918770e5dce3db1ef01334b951158fbcfcaad06089c549bf"} [2025-12-09 20:24:17.359] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:17.359] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:17.359] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:17.359] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:17.359] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:17.360] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:17.547] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283057360, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62759, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.99980192794154, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:17.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:17.547] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:17.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:17.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:20.479] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24276 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl?X-Amz-Date=20251209T122420Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4d92f3dec98a0942f5d7e2321cea9e5a5147daa82d9867f3c7b760b785fcbe24&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:24:20.480] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:20.480] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:20.480] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:20.480] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:20.480] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:20.481] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:20.666] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283060481, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62768, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999728326558567, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:20.666] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:20.666] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:20.666] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:20.666] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:23.583] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25028 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122423Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2b06225e132a862717d1fa3944c6ffc9a3b865f240881629546614063c227ca0"} [2025-12-09 20:24:23.584] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:23.584] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:23.584] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:23.584] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:23.584] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:23.584] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:23.803] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283063584, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11809, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999992513735558, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:23.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:23.803] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:23.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:23.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:26.689] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24277 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl?X-Amz-Expires=604800&X-Amz-Signature=c91aa30b21531736618b233b276a0bc3071b0be2799d6ef8330924cf288cbd8d&X-Amz-Date=20251209T122426Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:24:26.689] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:26.689] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:26.690] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:26.690] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:26.690] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:26.690] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:26.877] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283066690, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12308, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999941347237843, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:26.877] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:26.877] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:26.877] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:26.877] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:29.809] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25029 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6fc496b89f64e7e741807c5e63d1e29564f7dd50ca7c11d50e404877ed83e22e&X-Amz-Date=20251209T122429Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:24:29.809] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:29.809] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:29.809] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:29.809] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:29.809] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:29.810] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:29.993] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283069810, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41731, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:29.993] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:29.993] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:29.993] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:29.993] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:32.926] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24278 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl?X-Amz-Date=20251209T122432Z&X-Amz-Signature=82d231170e55a37fcd49b2112881da6536b7aaf51af92cb7279d3f29782c37ba&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:24:32.926] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:32.926] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:32.926] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:32.926] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:32.926] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:32.926] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:33.109] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283072926, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41374, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:33.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:33.109] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:33.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:33.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:36.050] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25030 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl?X-Amz-Date=20251209T122435Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ac67d95174dabbe87ebdb016f10f833422ad461a8e808e6b9beac147f120a6b8&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:24:36.050] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:36.050] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:36.050] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:36.050] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:36.051] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:36.051] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:36.236] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283076051, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42745, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999926109927832, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:36.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:36.236] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:36.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:36.236] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:39.176] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25031 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl?X-Amz-Signature=ff02fad86158cabac25a35d397f9162f9af1acee88b6a294a9510b1b86728b68&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122438Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:24:39.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:39.176] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:39.176] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:39.176] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:39.176] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:39.177] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:39.365] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283079178, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42875, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999940526470186, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:39.365] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:39.365] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:39.365] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:39.365] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:42.289] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25385 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T122441Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3aefcccd159bb7f5d3490ea7d294d61057ecce4cf0e089f8f10a9ebbae83b66e"} [2025-12-09 20:24:42.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:42.289] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:42.289] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:42.289] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:42.289] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:42.290] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:42.476] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283082290, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55632, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997803820183112, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:42.476] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:42.476] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:42.476] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:42.476] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:45.401] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24279 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T122444Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=048f3c569eec8da0c620a8b7c11e513332f334ae3508d081dfe614f42a704b93"} [2025-12-09 20:24:45.401] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:45.401] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:45.401] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:45.401] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:45.401] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:45.402] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:45.588] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283085402, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55606, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997664093829481, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:45.588] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:45.588] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:45.588] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:45.588] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:48.504] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25386 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl?X-Amz-Date=20251209T122448Z&X-Amz-Signature=1a94a5343109ca917e6161951f3a094d370dcb907d29998378b5757fad4b6193&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:24:48.505] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:48.505] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:48.505] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:48.505] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:48.505] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:48.505] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:48.692] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283088505, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55638, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998024162068299, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:48.692] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:48.692] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:48.692] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:48.692] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:51.619] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25032 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0fdc72e912d61f3c1e5a1277db75ce0951a4b8befa24510514574d217bb334f7&X-Amz-Date=20251209T122451Z"} [2025-12-09 20:24:51.619] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:51.619] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:51.620] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:51.620] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:51.620] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:51.620] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:51.806] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283091620, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41055, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999954480615826, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:24:51.807] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:51.807] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:51.807] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:51.807] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:24:54.739] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24280 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122454Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=5259c312a4358505599e78b48205eb5979e0b6612360b85247a9653f414d871c&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:24:54.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:54.739] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:54.739] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:54.739] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:54.739] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:54.739] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:54.926] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283094740, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55626, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998559497774789, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:54.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:54.927] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:54.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:54.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:24:57.863] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25387 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=dd1f23bdc7ad27e93d05f9c7dab90bf9c4a1fdd140ba13784d142644ee84f15b&X-Amz-Date=20251209T122457Z&X-Amz-Expires=604800"} [2025-12-09 20:24:57.863] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:24:57.863] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:24:57.864] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:24:57.864] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:24:57.864] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:24:57.864] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:24:58.084] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283097864, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55641, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998248253629146, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:24:58.085] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:24:58.085] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:24:58.085] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:24:58.085] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:00.978] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25388 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl?X-Amz-Date=20251209T122500Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a36f0cfe391e86e9480003ef297740462dafc2bff39d6f8f4242841f0b6070d0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:25:00.979] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:00.979] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:00.979] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:00.979] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:00.979] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:00.979] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:01.163] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283100979, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54132, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-09 20:25:01.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:01.163] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:01.164] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:01.164] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:04.080] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25033 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=96e794a0348430bde3d4e3a3e745d8b8e9f77710ed2907572287ffa962b60087&X-Amz-Date=20251209T122503Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:25:04.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:04.080] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:04.080] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:04.080] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:04.080] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:04.081] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:04.269] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283104081, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36459, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:04.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:04.269] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:04.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:04.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:07.191] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25389 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl?X-Amz-Signature=ab2c869f66bd035f3e97c2b6045ab9c26cf00fd1626b783443b26eb26f2b3f56&X-Amz-Date=20251209T122506Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:25:07.191] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:07.191] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:07.191] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:07.191] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:07.191] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:07.192] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:07.377] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283107192, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50558, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:07.377] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:07.377] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:07.377] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:07.377] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:10.309] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25390 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl?X-Amz-Signature=6cdd7c6ad21448ae5220f64c994e3a6cb297e7b64d5af4908c120f70eba63da4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T122509Z"} [2025-12-09 20:25:10.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:10.309] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:10.310] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:10.310] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:10.310] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:10.310] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:10.498] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283110310, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63543, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999967668108191, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:10.498] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:10.498] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:10.498] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:10.498] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:13.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25391 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T122512Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0e816a4026bd5aca15bcc95cd8bb7ba5f3ec171d101f702eb1a7124df75fd1ce&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:25:13.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:13.420] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:13.420] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:13.420] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:13.420] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:13.420] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:13.605] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283113420, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61686, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:13.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:13.605] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:13.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:13.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:16.523] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25392 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl?X-Amz-Signature=83b3b9b9c612d103cfb36a2513f45362f1013656b6eddb440cdda82640837c9e&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122516Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:25:16.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:16.523] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:16.523] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:16.524] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:16.524] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:16.524] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:16.711] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283116524, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53571, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999687210973073, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:16.711] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:16.711] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:16.711] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:16.711] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:19.638] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25393 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=19cb5e7b01c39a8e9e08038e157c452eebd8522c11b5946f907f372c47719fc4&X-Amz-Date=20251209T122519Z"} [2025-12-09 20:25:19.638] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:19.638] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:19.638] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:19.638] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:19.638] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:19.639] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:19.823] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283119639, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13386, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:19.823] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:19.823] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:19.823] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:19.823] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:22.752] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25394 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl?X-Amz-Expires=604800&X-Amz-Signature=6e11e1c022f02651acc3da1f13ac1db6114e429edfe9c0a8dc55e5a0c8fea0d1&X-Amz-Date=20251209T122522Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:25:22.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:22.752] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:22.753] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:22.753] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:22.753] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:22.753] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:22.936] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283122753, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61684, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:22.936] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:22.936] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:22.936] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:22.936] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:25.871] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24281 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122525Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a986dc70ceffe3c3d2f72e43b57c2aad1e7c0676add089008fe1724826663233&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:25:25.871] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:25.871] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:25.871] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:25.871] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:25.871] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:25.871] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:26.055] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283125871, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62399, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:26.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:26.055] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:26.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:26.055] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:28.990] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25395 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=db126422174662d854d632037596a4fb6f90d6c0540ebab0056ab9542376f8ca&X-Amz-Date=20251209T122528Z"} [2025-12-09 20:25:28.990] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:28.990] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:28.990] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:28.990] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:28.990] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:28.991] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:29.217] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283128991, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53626, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999831590673547, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:29.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:29.217] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:29.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:29.217] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:32.105] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24282 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=aa8c6cfbc42100fe0d7a1edebf4abdcc91c46e8de71b01570fb8427a80abd895&X-Amz-Date=20251209T122531Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:25:32.105] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:32.105] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:32.105] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:32.105] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:32.105] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:32.106] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:32.292] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283132106, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62477, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:32.292] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:32.292] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:32.292] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:32.292] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:35.219] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25396 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl?X-Amz-Expires=604800&X-Amz-Signature=f9dd6f355c367307ce7329bf6dc981fcd973030b2f91d2fac5b28183deea2651&X-Amz-Date=20251209T122534Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:25:35.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:35.219] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:35.220] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:35.220] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:35.220] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:35.220] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:35.405] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283135220, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53643, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999869975982164, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:35.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:35.405] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:35.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:35.405] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:38.323] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24283 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122537Z&X-Amz-Signature=4f17a5ac0e00950f3f04ec0498e40648a9cfc554f05b6ff27deb21ebb0774435"} [2025-12-09 20:25:38.323] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:38.323] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:38.323] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:38.323] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:38.323] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:38.324] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:38.513] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283138324, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53576, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999715293139834, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:38.513] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:38.513] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:38.513] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:38.513] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:41.426] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24284 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl?X-Amz-Signature=d5ae64cdc869e355a00b2c4e95ca07455068b2106c7699c42b8c536fd30757e5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122540Z"} [2025-12-09 20:25:41.426] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:41.426] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:41.427] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:41.427] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:41.427] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:41.427] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:41.611] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283141427, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62806, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:41.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:41.611] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:41.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:41.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:44.540] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25034 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T122544Z&X-Amz-Signature=f68080c31e766048b7f234296fa7438deb144dd40878f19b0a6d1456df6c7d83"} [2025-12-09 20:25:44.540] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:44.540] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:44.540] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:44.540] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:44.540] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:44.541] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:44.726] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283144541, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53562, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999805233362195, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:44.726] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:44.726] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:44.726] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:44.726] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:47.646] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25035 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122547Z&X-Amz-Signature=8761b88fbd221accdd0f3cd204fa5f4d872bad6c2ef8e46d2b020cf6765914f7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:25:47.646] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:47.646] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:47.646] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:47.646] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:47.646] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:47.646] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:47.843] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283147646, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63347, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:47.843] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:47.843] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:47.843] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:47.843] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:50.765] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25036 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl?X-Amz-Date=20251209T122550Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0a4cf74b478e6ef9cdc4cbdfd5c706be3f9ad1aa256b98a7874b12863b64b2d6"} [2025-12-09 20:25:50.765] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:50.765] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:50.765] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:50.765] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:50.765] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:50.766] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:50.952] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283150766, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53570, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999700857372145, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:50.952] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:50.952] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:50.952] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:50.952] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:25:53.883] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24285 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122553Z&X-Amz-Signature=b52e4355f4558d58cd4ed3f73a5c5397c798551da29c55a38dfc45728f6da70a"} [2025-12-09 20:25:53.884] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:53.884] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:53.884] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:53.884] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:53.884] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:53.884] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:54.070] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283153885, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53622, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999862705092489, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:54.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:54.070] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:54.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:54.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:25:57.001] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24286 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl?X-Amz-Signature=9f5e1d8035570b6da173b3c084311fa1a3d2d5ad22fefeea1e9f4c88e7beef77&X-Amz-Date=20251209T122556Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:25:57.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:25:57.001] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:25:57.002] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:25:57.002] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:25:57.002] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:25:57.002] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:25:57.187] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283157002, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 26048, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:25:57.187] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:25:57.187] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:25:57.187] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:25:57.187] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:26:00.119] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25397 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d0afc1f5a172184e3ffacb219183cb025d10cfe32bbd1645549403b5b00d1353&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122559Z"} [2025-12-09 20:26:00.119] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:26:00.119] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:26:00.119] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:26:00.119] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:26:00.119] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:26:00.120] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:26:00.305] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283160120, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53577, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999983947391477, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:26:00.306] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:26:00.306] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:26:00.306] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:26:00.306] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:26:03.222] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25037 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=59544f1926a8371be039ed2c75caef9713691116414bc58184ec97104f84bb3c&X-Amz-Expires=604800&X-Amz-Date=20251209T122602Z"} [2025-12-09 20:26:03.222] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:26:03.222] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:26:03.222] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:26:03.222] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:26:03.222] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:26:03.223] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:26:03.442] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283163223, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53639, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999994170278134, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:26:03.443] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:26:03.443] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:26:03.443] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:26:03.443] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:26:06.343] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25038 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T122605Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=f5337dcc7cff0b8a6a7ea6bdd10b56bbc9e3de322cd904870d3cdda617ab75b8"} [2025-12-09 20:26:06.343] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:26:06.343] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:26:06.343] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:26:06.343] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:26:06.343] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:26:06.343] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:26:06.529] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283166344, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53623, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999894116698116, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:26:06.529] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:26:06.529] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:26:06.529] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:26:06.529] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:26:09.450] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24287 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122608Z&X-Amz-Expires=604800&X-Amz-Signature=bb9abfe772e8a21f86ced446a987945f59e9308ce8e816cd53cce27876cbc464&X-Amz-SignedHeaders=host"} [2025-12-09 20:26:09.450] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:26:09.450] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:26:09.451] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:26:09.451] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:26:09.451] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:26:09.451] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:26:09.635] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283169451, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62804, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:26:09.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:26:09.635] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:26:09.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:26:09.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:08.889] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25039 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122908Z&X-Amz-Signature=391a3885a8c26a68bb0a16e69a20657ebbcc1cde94e6311b5d55eaed4e303af9&X-Amz-Expires=604800"} [2025-12-09 20:29:08.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:08.889] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:08.890] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:08.890] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:08.890] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:08.891] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:09.183] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl|result:{"code": 1, 
"total_count": 66, "alert_count": 66, "abnormal_count": 66, "normal_count": 0, "timestamp": 1765283348891, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50458, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50442, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50447, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50441, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50434, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50488, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50455, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50452, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50465, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50495, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50496, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50487, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50469, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50432, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50484, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50491, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50459, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50439, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50451, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50479, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50445, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50473, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50436, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50490, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50433, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50494, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50456, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50457, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 50461, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50492, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50486, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50467, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50493, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50463, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50474, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50475, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50449, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50437, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50446, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50477, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50480, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50478, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50470, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50440, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50444, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50466, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50468, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50471, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50472, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50489, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50438, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50443, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50453, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50454, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50485, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50464, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50482, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 50435, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50450, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50483, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50497, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50460, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50481, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50448, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50462, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50476, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:29:09.183] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 66|max_alert: 1000
[2025-12-09 20:29:09.183] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:29:09.183] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:29:09.183] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:29:12.041] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24288 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl?X-Amz-Signature=ca549a9c114706daa8f12575e7b4a21934aa9d4a5ae4e602abbdbde787470236&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122911Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"}
[2025-12-09 20:29:12.041] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:29:12.041] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:29:12.041] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:29:12.041] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:29:12.041] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:29:12.042] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:29:12.299] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl|result:{"code": 1, "total_count": 27, "alert_count": 27, "abnormal_count": 27, "normal_count": 0, "timestamp": 1765283352042, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49389, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5038564456500831, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49387, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9793288447536691, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49396, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9773441175127737, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49377, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.934948872015937, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49381, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9787375062479386, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
49376, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9976278309672408, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49379, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7031090464673974, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49401, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5006690306221482, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49382, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.955003478421508, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49386, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9843800620701243, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49384, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8238264827488067, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49383, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.985372814667335, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49385, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.9831685557766816, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49375, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49378, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.45407316220415184, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49390, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6437887536108795, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49394, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.74828943309364, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49395, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6122954802276773, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49393, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.992554157689113, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49397, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9979786569351574, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49392, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.973397704251437, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49388, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9413625605995193, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49398, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7640807026477342, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49399, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7901584399786458, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49391, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.905557907729525, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49380, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5554621813343249, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49400, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.942447030166031, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:29:12.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 27|max_alert: 1000
[2025-12-09 20:29:12.299] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:29:12.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:29:12.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:29:15.163] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25040 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122914Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ba1143d2ac4b59b14317fb71f895f3a86e22e9aae2ba0bda1a1f5333c4ca9e35"}
[2025-12-09 20:29:15.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:29:15.163] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:29:15.163] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:29:15.163] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:29:15.163] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:29:15.164] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:29:15.400] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl|result:{"code": 1, "total_count": 63, "alert_count": 63, "abnormal_count": 63, 
"normal_count": 0, "timestamp": 1765283355164, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51958, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51984, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51997, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52015, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51990, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51968, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51972, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51962, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51978, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51979, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52004, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51961, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52007, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51993, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51996, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51981, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51980, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51998, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52002, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51989, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52018, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51999, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51994, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52014, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51982, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52003, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51977, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51957, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52005, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52011, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52001, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51973, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51960, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52017, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51971, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51966, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51987, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51985, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52008, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51964, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51991, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51992, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51970, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51995, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51976, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52016, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51974, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51986, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51967, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52010, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51969, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51959, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51975, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52009, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52019, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51988, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51983, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51965, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52006, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51963, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52012, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52000, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52013, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:29:15.400] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 63|max_alert: 1000 [2025-12-09 20:29:15.400] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:15.400] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:15.400] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:18.387] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24289 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T122917Z&X-Amz-Signature=417ad1c54e1a9bb50a50d15a6941e6a14aeb37dfd6cb7f17600b244f1d51851c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:29:18.387] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:18.387] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:18.388] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:18.388] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:18.388] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:18.389] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:18.576] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283358389, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49294, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9602321783515729, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:18.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:29:18.576] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:18.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:18.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:21.606] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24290 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122921Z&X-Amz-SignedHeaders=host&X-Amz-Signature=89e6c860b3a614e9a788b5a70bc5938ff855b089b7970ea45216a5cd2c8fc477&X-Amz-Expires=604800"} [2025-12-09 20:29:21.606] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:21.606] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:21.606] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:21.606] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:21.606] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:21.607] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
20:29:21.805] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283361607, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49294, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9602321783515729, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:21.805] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:29:21.805] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:21.805] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:21.805] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:29:24.728] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24291 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122924Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=65d6f781662ea93dd0e49df4d192f238f6f1a0b6b0825b0be486d7554d88fd47&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:29:24.728] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:24.728] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:24.728] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:24.728] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:24.728] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:24.729] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:24.964] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl|result:{"code": 1, "total_count": 59, "alert_count": 59, "abnormal_count": 59, "normal_count": 0, "timestamp": 1765283364729, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49856, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49822, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49816, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49809, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49829, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49838, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49855, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49807, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49813, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49804, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49810, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49854, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49839, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49830, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49852, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49811, "dest_port": 8990, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49824, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49825, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49801, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49842, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49802, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49821, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49850, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49835, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49853, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49818, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49808, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49849, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49819, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49832, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49857, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49858, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49806, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49845, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49820, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49859, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49812, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49833, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49828, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49815, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49843, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49826, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49851, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49840, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49841, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49836, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49803, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49817, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49827, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49834, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49831, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49847, 
"dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49848, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49805, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49844, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49846, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49823, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49814, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49837, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:29:24.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 59|max_alert: 1000 [2025-12-09 20:29:24.964] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:24.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:24.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:27.909] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24292 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl?X-Amz-Date=20251209T122927Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=851d736ae0f09b17a373344ae7e498a065683e73beb6a70499100e659b56e785&X-Amz-Expires=604800"} [2025-12-09 20:29:27.909] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:27.909] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:27.909] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:27.910] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:27.910] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:27.910] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:28.096] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283367910, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49303, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9444643557189981, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:28.096] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:29:28.096] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:28.096] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:28.096] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:29:31.099] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25398 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122930Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5d656ce70d667d373a19c3ebb195a521ca7cb6444faf91fea5f78712f5c0cd3e"} [2025-12-09 20:29:31.099] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:31.099] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:31.099] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:31.099] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:31.099] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:31.100] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:31.334] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283371100, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49303, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9444643557189981, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:31.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:29:31.334] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:31.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:31.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:34.233] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25041 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=45c3fc4acf78ab01168ef6b6b8cc38ed7fbf9bc8bece98b54287b26e287f54e3&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122933Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:29:34.234] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:34.234] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:34.234] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:34.234] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:34.234] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:34.234] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:34.481] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl|result:{"code": 1, "total_count": 25, "alert_count": 25, "abnormal_count": 25, "normal_count": 0, "timestamp": 1765283374235, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50308, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.98582402511476, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50323, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8036459500168494, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50317, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8321815792412194, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50324, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7740500401884959, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50306, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50329, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.958704615001943, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50330, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8523087665141738, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50319, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9744218358372663, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50331, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.99099921455513, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50314, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8842332866984993, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50309, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7774946569530512, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50322, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8498700399594922, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50325, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7302994948401119, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50327, "dest_port": 5443, 
"y_pred": 3, "y_pred_proba_max": 0.99004898471318, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50318, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.7860856928218103, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50316, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.5932800343351953, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50321, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8960384278930974, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50311, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.728740398624775, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50313, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.5966672964634695, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50326, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.9934596360471903, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50310, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9634689604691851, "2_count": 25, 
"2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50315, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.5371866072771162, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50328, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9754945217276421, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50307, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9971275769982026, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50320, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8021655423506808, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:34.481] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 25|max_alert: 1000 [2025-12-09 20:29:34.481] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:34.481] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:34.481] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:29:37.363] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25042 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122936Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=63a886d151bc226f7660b915ba39c28ddcfe92f4e6862cfaa9d3ba30f1df4151"} [2025-12-09 20:29:37.363] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:37.363] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:37.363] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:37.363] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:37.363] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:37.364] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:37.599] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl|result:{"code": 1, "total_count": 54, "alert_count": 54, "abnormal_count": 54, "normal_count": 0, "timestamp": 1765283377364, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51514, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51534, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51496, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51553, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51549, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51520, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51509, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51515, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51530, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51517, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51535, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51506, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51525, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51552, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51554, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51503, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51510, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51522, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51543, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51497, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51526, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51518, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51538, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51527, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51545, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51519, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51532, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51533, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51536, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51537, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51501, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51504, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51511, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51540, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51541, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51547, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51548, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51524, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51512, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51523, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51544, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51528, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51513, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51529, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51505, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51531, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51516, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51542, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51508, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51521, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51539, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51546, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51550, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51551, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:29:37.599] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 54|max_alert: 1000 [2025-12-09 20:29:37.599] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:37.599] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:37.599] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:29:40.489] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25399 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=258f75247567b17fa9a89fc0b73e2df81591974d58ee604cde3c1aa4bacbde60&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122940Z"} [2025-12-09 20:29:40.489] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:40.489] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:40.489] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:40.489] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:40.489] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:40.490] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:40.719] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl|result:{"code": 1, "total_count": 52, "alert_count": 52, "abnormal_count": 52, "normal_count": 0, "timestamp": 1765283380490, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51349, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51323, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51354, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51359, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51348, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51324, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51355, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51357, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51345, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51313, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51342, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51314, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51322, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51334, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51316, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51327, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51346, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51350, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51331, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51321, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51317, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51309, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51330, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51333, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51325, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51340, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51341, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51347, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51358, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51326, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51319, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51335, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51337, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51353, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51339, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51351, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51356, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51320, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51352, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51338, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51332, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51329, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51310, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51312, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51318, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51336, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51311, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51328, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51343, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51315, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51344, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51308, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:29:40.719] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 52|max_alert: 1000 [2025-12-09 20:29:40.719] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:40.719] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:40.719] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:43.629] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25400 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122943Z&X-Amz-Signature=4a93028e5618f55d7e52628d5c01f799f4ecf341b55df49a4615b5467955e766"} [2025-12-09 20:29:43.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:43.629] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:43.629] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:43.629] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:43.629] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:43.630] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:43.856] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl|result:{"code": 1, "total_count": 49, "alert_count": 49, "abnormal_count": 49, "normal_count": 0, "timestamp": 1765283383630, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51042, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51059, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51024, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51028, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51060, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51062, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51064, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51066, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51027, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51044, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51039, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51007, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51051, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51037, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51043, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51063, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51071, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51022, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51030, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51038, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51058, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51021, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51055, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51069, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51045, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51061, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51023, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51050, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51032, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51033, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51065, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51056, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51031, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51036, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51049, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51057, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51067, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51006, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51040, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51034, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51048, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51068, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51070, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51041, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51047, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51035, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51029, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51052, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51046, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:29:43.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 
49|max_alert: 1000 [2025-12-09 20:29:43.856] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:43.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:43.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:46.769] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24293 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl?X-Amz-Date=20251209T122946Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6f2cba2b8cb381cb0113733dfde119b6197347871efc2e67e23fca4b19b6163a"} [2025-12-09 20:29:46.769] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:46.769] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:46.769] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:46.769] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:46.769] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:46.770] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:46.995] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl|result:{"code": 1, "total_count": 47, "alert_count": 47, "abnormal_count": 47, "normal_count": 0, "timestamp": 1765283386770, "module": "anquanchu", "proto": 
"other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50822, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50817, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50808, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50811, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50829, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50800, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50816, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50810, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50833, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50809, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50843, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50804, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50828, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50802, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50840, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50841, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50834, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50835, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50812, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50826, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50830, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50837, "dest_port": 8100, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50815, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50807, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50846, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50806, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50838, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50824, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50839, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50844, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50801, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50823, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50845, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50825, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50832, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50814, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50818, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50819, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50836, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50813, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50805, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50827, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50821, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50820, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50831, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50803, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50842, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:29:46.995] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 47|max_alert: 1000 [2025-12-09 20:29:46.996] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:46.996] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:46.996] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:29:49.939] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25401 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b1cacf5a3c6570f2d4726c5628e0b20e0d913a313329a9bd432319811e3e3798&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122949Z&X-Amz-Expires=604800"} [2025-12-09 20:29:49.939] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:49.939] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:49.939] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:49.939] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:49.939] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:49.940] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:50.125] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283389940, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49302, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8959634024249302, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:50.125] 
[INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:29:50.125] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:50.125] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:50.125] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:53.167] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24294 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2a9c542e907e105d3330246bc53864104f93560b6fff7253a2f4e2742ee1ef43&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T122952Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:29:53.167] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:53.167] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:53.167] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:53.167] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:53.167] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:53.168] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:53.366] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283393168, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49302, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8959634024249302, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:53.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:29:53.366] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:53.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:53.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:29:56.302] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24295 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T122956Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c4c3ab05de1a3d8ac197a93b6298b5f972e4baf6e7f391567c63108bfca028c5"} [2025-12-09 20:29:56.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:56.302] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:56.302] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:56.302] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:56.302] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:56.302] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:56.527] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl|result:{"code": 1, "total_count": 43, "alert_count": 43, "abnormal_count": 43, "normal_count": 0, "timestamp": 1765283396303, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50527, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50509, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50522, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50531, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50506, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50540, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50545, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50526, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50523, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50537, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50508, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50511, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50510, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50504, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50513, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50532, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50534, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50528, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50535, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50538, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50544, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50525, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50542, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50529, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50543, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50515, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50516, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50530, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50546, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50521, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50517, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50520, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50541, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50524, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50512, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50533, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50514, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50505, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50536, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50518, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50507, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50519, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50539, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:29:56.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 43|max_alert: 1000 [2025-12-09 20:29:56.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:56.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:29:56.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:29:59.552] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25402 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T122959Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=70b01d4b8e9c8c00699e9fc552bf2ca1e6d6319a94c125e59bdd7d7ce0c9eb7f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:29:59.553] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:29:59.553] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:29:59.553] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:29:59.553] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:29:59.553] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:29:59.553] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:29:59.751] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283399553, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50462, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5368027392512583, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:29:59.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:29:59.752] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:29:59.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:29:59.752] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:02.738] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24296 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl?X-Amz-Date=20251209T123002Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=1019249d60f15c21abc440ac6023c053d9fa95ca8eb61837fa7ab077f9900a3b"} [2025-12-09 20:30:02.738] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:02.738] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:02.739] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:02.739] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:02.739] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:02.740] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:02.927] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283402740, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50462, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5368027392512583, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:02.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:02.927] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:02.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:02.927] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:05.943] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25043 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=2cf968faf87e6b2981c30d0e69e9b4ebc9b6ed9d87e8971f09104de70d30a7d9&X-Amz-Date=20251209T123005Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:30:05.943] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:05.943] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:05.943] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:05.943] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:05.943] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:05.944] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:06.174] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283405944, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50508, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.650362677828676, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:30:06.174] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:06.174] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:06.174] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:06.174] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:09.050] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25044 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl?X-Amz-Signature=5306ee780028f39f992d981b0cd5214c69c150eb6f197c16023e59a6499c5421&X-Amz-Date=20251209T123008Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:30:09.050] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:09.050] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:09.051] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:09.051] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:09.051] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:09.051] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:09.276] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl|result:{"code": 1, "total_count": 47, "alert_count": 47, "abnormal_count": 47, "normal_count": 0, "timestamp": 
1765283409051, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50751, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50781, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50775, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50790, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50758, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50756, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50777, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50782, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50763, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50757, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50772, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50778, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50780, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50785, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50784, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50773, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50750, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50766, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50793, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50760, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50770, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50776, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50768, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50783, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50771, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50779, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50761, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50786, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50752, "dest_port": 8100, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50789, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50755, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50774, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50794, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50767, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50788, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50792, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50787, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50762, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50753, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50754, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50769, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50791, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50748, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50765, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50749, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50764, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50759, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:30:09.276] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 47|max_alert: 1000 [2025-12-09 20:30:09.276] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:09.276] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:09.276] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:12.158] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25403 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T123011Z&X-Amz-Signature=db4abbb050dd3cba7fb7eb9fe712cfe27d470f41b4835418179da205f72692b7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:30:12.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:12.158] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:12.158] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:12.158] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:12.158] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:12.158] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:12.380] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl|result:{"code": 1, "total_count": 43, "alert_count": 43, "abnormal_count": 43, "normal_count": 0, "timestamp": 1765283412158, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50156, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50157, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50190, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50180, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50153, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50154, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50165, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50178, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50152, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50170, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50188, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50189, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50148, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50181, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50158, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50173, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50150, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50168, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50169, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50182, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50160, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50184, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50162, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50147, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50167, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50172, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50166, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50179, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50192, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50171, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50187, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50155, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50183, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50175, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50186, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50174, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50151, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50185, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50159, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50161, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50191, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50164, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50163, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:30:12.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 43|max_alert: 1000 [2025-12-09 20:30:12.380] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:12.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:30:12.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:15.380] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25045 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl?X-Amz-Signature=aa1effdcefb4dfab35dd0ef23cc30fc43414b8b62f4c3933ec3e5560e775b458&X-Amz-Date=20251209T123014Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:30:15.380] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:15.381] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:15.381] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:15.381] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:15.381] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:15.381] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:15.567] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283415381, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50375, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.42375601626036763, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:15.567] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:15.567] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:15.567] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:15.567] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:18.586] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24297 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl?X-Amz-Date=20251209T123018Z&X-Amz-Signature=82717e6bbbfcaeae8b544e89d7d55111ebcf9020eadffbecf89c528324544eba&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:30:18.586] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:18.586] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:18.586] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:18.586] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:18.586] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:18.586] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:18.785] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283418587, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50375, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.42375601626036763, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:18.785] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:18.785] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:18.785] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:18.785] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:21.814] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24298 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=7b3582e44456dc8ad915c5162987df44649cfd5ca6e74a89bf6182df4e84e687&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123021Z"} [2025-12-09 20:30:21.814] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:21.814] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:21.815] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:21.815] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:21.815] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:21.815] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:22.269] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl|result:{"code": 1, "total_count": 102, "alert_count": 102, "abnormal_count": 102, "normal_count": 0, "timestamp": 1765283421815, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50863, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5984173988981478, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "protocol": 6, "src_port": 50815, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.639325160896374, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50877, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6736774973218647, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50837, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9922358730694089, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50813, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7300520369971781, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50845, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8780569154840286, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50923, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6037852244484628, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50811, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6791630096236309, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 
50869, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9957288923966026, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50957, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7312698451653444, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50987, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7038126580697722, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50879, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7311322207988453, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50949, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6618336691742885, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50991, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931025337621996, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50819, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.981265411988122, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50935, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.5953326564224193, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50945, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7155346945100859, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50955, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.551179165767616, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50807, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6876854774371972, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50871, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7493676590293616, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50921, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7758339734246045, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50937, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7971194038955031, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50843, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.95864384571139, 
"2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50975, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6702012437623773, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50809, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9941808894514145, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50887, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7172416787955587, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50929, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5007243089821285, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50885, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7640050641119775, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50989, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5598396461229516, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50857, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6699960969484994, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50961, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5033218310660245, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50873, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5058611426764994, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50891, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.683456170356425, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50941, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5926142382543625, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50981, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6392845332149717, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50951, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6011035987134368, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50859, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9238512066358242, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5661591621450582, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50803, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6120274937700596, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50915, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6156197787226111, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50927, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5242750650792728, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50917, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6111576976117766, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50853, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5735383399212105, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50907, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6636155970055155, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50979, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6701340698167286, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50823, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6206036460160512, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50939, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6900383423465327, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50839, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6011794535310755, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50835, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6728480394226486, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50909, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6099981039197431, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50829, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9682184576258437, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", 
"protocol": 6, "src_port": 50883, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6361978915004562, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5545960174442225, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50913, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5101702419060166, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50881, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6193376678712463, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50903, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5594410706346352, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50867, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5373007198887872, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50799, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5466615284323838, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50849, "dest_port": 
443, "y_pred": 1, "y_pred_proba_max": 0.6625414558800179, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50801, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.640443219591207, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50919, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8317657112122807, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50959, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5978018834022238, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50797, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6150799342310208, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50895, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5131515898212987, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50965, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5415679412483102, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50893, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6758668776421393, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50963, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5407785627355066, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7476527650571858, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50901, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.568835535940407, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50789, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6270958981426007, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50855, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5416790900361436, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50899, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7266182906234704, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50791, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6733907178912225, "2_count": 102, "2_sum": 
102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8099944021551874, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50817, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7274411377617257, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50827, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.51267114059645, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50851, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8945154236307735, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50861, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6445276046314751, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50875, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5262032548089761, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50889, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6080592386242312, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50795, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6307855104098725, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50833, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6617233849900483, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50925, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5117180467241854, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50933, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5348415963188995, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50953, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5131332103613157, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50805, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8530921014260352, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50967, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7767430028461755, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50821, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9021330198267359, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50825, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6145701995895911, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50905, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5781170702871292, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50847, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6825058608684855, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50931, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5006269698884488, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50943, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6433022299937078, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50985, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9316355367300041, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "protocol": 6, "src_port": 50897, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7174637473492788, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50841, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5535644031487712, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50971, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6919968698491538, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50947, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6306230275051637, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50977, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7091951922619264, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50973, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5685477718727785, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50831, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5682749480968502, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 
50793, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7011584880602615, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:30:22.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 102|max_alert: 1000 [2025-12-09 20:30:22.269] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:22.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:22.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:25.027] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25046 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl?X-Amz-Expires=604800&X-Amz-Signature=6db4a39eb6d7ee22f129687274ca1d105a6ee95d2d0f13fe30d9e3e406c0aab2&X-Amz-Date=20251209T123024Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:30:25.027] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:25.027] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:25.027] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:25.027] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:25.027] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:25.028] [INFO] [tid:130855398528704] 
(AiModule.cpp:158) load result:0 [2025-12-09 20:30:25.212] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283425028, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50508, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.650362677828676, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:30:25.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:25.212] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:25.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:25.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:28.212] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25404 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=0916b570e6121d279cb3d769ad350e2b6cb741588e21117d4522a2f82a507eea&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T123027Z"} [2025-12-09 20:30:28.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:28.212] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:28.212] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:28.212] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:28.212] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:28.213] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:28.403] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283428213, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50486, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.2790395770669693, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:30:28.403] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:28.403] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:28.403] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:28.403] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:31.401] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25405 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123030Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=94be1f70705f084932b6fb197742e6781a4526d27f42d6dbc54b2bf5c734bcd3&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:30:31.401] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:31.401] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:31.401] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:31.401] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:31.401] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:31.402] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:31.590] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283431402, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50486, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.2790395770669693, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:31.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:31.590] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:31.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:31.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:34.508] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25047 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T123034Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=355a19d1288f78c00bf185348189541df8ad80e7a61292a89704076b083c2b3c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:30:34.508] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:34.508] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:34.508] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:34.508] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:34.508] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:34.508] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:34.729] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl|result:{"code": 1, "total_count": 41, "alert_count": 41, "abnormal_count": 41, "normal_count": 0, "timestamp": 1765283434509, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49775, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49773, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49785, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49792, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49782, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49794, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49762, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49766, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49796, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49769, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49764, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49784, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49786, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49783, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49789, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49779, "dest_port": 8990, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49771, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49788, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49761, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49763, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49767, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49759, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49776, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49795, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49799, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49768, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49787, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49797, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49781, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49777, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49791, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49770, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49772, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49774, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49790, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49793, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49798, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49760, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49778, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49780, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49765, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:30:34.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 41|max_alert: 1000 [2025-12-09 20:30:34.729] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:34.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:34.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:37.679] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25406 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=36590c1d554a0d9fadd88e917a79e156ef57902a3c6c099122eb416d74efcaf9&X-Amz-Date=20251209T123037Z"} [2025-12-09 20:30:37.679] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:37.679] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:37.680] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:37.680] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:37.680] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:37.680] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:37.866] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283437680, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49293, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9193778156522134, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:37.866] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:37.866] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:37.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:37.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:40.890] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25048 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4228449c3dd4c71276e5fca04b9b4bd0014db171673f1569bcf701234955d27e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123040Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:30:40.890] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:40.890] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:40.890] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:40.890] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:40.890] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:40.891] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:41.090] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283440891, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49293, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9193778156522134, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:41.090] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:41.090] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:41.090] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:41.090] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:44.074] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25407 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=9de856333f5570ad97c2c57c996e233a320829d0392c85ccbfd05044bdcc146d&X-Amz-Date=20251209T123043Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:30:44.074] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:44.074] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:44.074] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:44.074] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:44.074] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:44.075] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:44.261] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283444075, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50357, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6234711485019768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:44.261] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:44.261] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:44.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:44.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:47.180] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24299 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123046Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=e8765ff763ecefa130ec4bdc6b078f37d7b182b82cc2295ab7fbb767f51ce01b"} [2025-12-09 20:30:47.181] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:47.181] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:47.181] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:47.181] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:47.181] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:47.181] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:47.430] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl|result:{"code": 1, "total_count": 36, "alert_count": 36, "abnormal_count": 36, "normal_count": 0, "timestamp": 
1765283447181, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50740, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50709, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50741, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50734, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50736, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50716, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50725, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50712, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50702, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50724, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50715, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50729, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50718, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50742, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50722, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50739, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50707, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50710, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50713, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50720, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50723, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50727, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50733, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50726, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50711, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50717, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50731, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50730, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50735, "dest_port": 8100, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50719, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50703, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50714, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50732, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50721, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50737, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50738, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:30:47.431] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 36|max_alert: 1000 [2025-12-09 20:30:47.431] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:47.431] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:47.431] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:50.394] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24300 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl?X-Amz-Expires=604800&X-Amz-Signature=bc6b57c46d4c4422e10c7a27fdff26e95427ab3798c165a4f2c8f965ffe29277&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123049Z"} [2025-12-09 20:30:50.394] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:50.394] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:50.394] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:50.395] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:50.395] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:50.395] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:50.579] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283450395, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50357, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6234711485019768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:50.579] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:50.579] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:50.579] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:50.579] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:53.586] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25408 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ad798d7990e756c802c8129571ea4595089c91a320cc7309e5e6763f246d0a2d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123053Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:30:53.586] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:53.586] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:53.586] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:53.586] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:53.586] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:53.587] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:53.784] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283453587, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50506, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5142833553629224, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:53.784] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:53.784] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:53.784] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:53.784] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:30:56.812] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24301 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123056Z&X-Amz-SignedHeaders=host&X-Amz-Signature=ac4c3c184b2fb68e08439c039a9fee5bc838b912f1e8abfe44afb50fb3b5bc63&X-Amz-Expires=604800"} [2025-12-09 20:30:56.812] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:56.812] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:56.813] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:56.813] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:56.813] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:56.813] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:30:57.012] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283456813, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50506, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5142833553629224, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:30:57.012] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:30:57.012] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:30:57.012] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:30:57.012] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:30:59.931] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25409 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl?X-Amz-Date=20251209T123059Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=11508f7b40679ff335c5661ab467572cefb4c2bdf2f9bd32cd2ef449283e0194&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:30:59.931] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:30:59.931] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:30:59.931] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:30:59.931] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:30:59.931] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:30:59.932] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:00.164] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl|result:{"code": 1, "total_count": 55, "alert_count": 55, "abnormal_count": 55, "normal_count": 0, "timestamp": 1765283459932, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53859, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53860, 
"dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53839, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53868, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53822, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53829, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53844, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53851, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53873, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53849, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53858, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53835, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53846, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53861, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53866, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53841, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53838, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53818, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53828, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53853, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53872, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53837, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53863, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53843, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53856, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53819, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53824, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53848, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53862, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53864, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 53821, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53834, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53836, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53842, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53865, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53867, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53871, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53833, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53845, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53855, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53847, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53870, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53857, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53820, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53825, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53840, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53830, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53823, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53852, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53831, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53827, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53832, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53826, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53850, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53854, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:31:00.164] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 55|max_alert: 1000 [2025-12-09 20:31:00.164] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:00.164] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:00.164] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:03.146] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24302 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a6e6c1eb418de41ac31bb3ec1d6073169ad86f8a868b7b42f876dec7c06d2e6b&X-Amz-Date=20251209T123102Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:31:03.146] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:03.146] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:03.147] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:03.147] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:03.147] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:03.147] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:03.334] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283463147, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49292, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.879674588176313, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:03.334] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:03.334] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:03.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:03.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:06.322] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25049 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c147d76e6437fb004a5a57a467f302999ae0807ffd6360bdd4f769e1e805ccde&X-Amz-Expires=604800&X-Amz-Date=20251209T123105Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:31:06.322] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:06.322] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:06.323] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:06.323] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:06.323] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:06.323] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:06.510] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283466323, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49292, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.879674588176313, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:06.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:06.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:06.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:06.510] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:09.472] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25050 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl?X-Amz-Date=20251209T123108Z&X-Amz-Signature=4a62aa65ea22e4bbe4cc350818b8eb8e6ead930b0f04b4f32f11820156ff13d6&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:31:09.472] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:09.472] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:09.472] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:09.472] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:09.472] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:09.472] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:09.703] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765283469472, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50246, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.916921649353848, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50253, 
"dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9641754451476029, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50251, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.997416220882397, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50244, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9593468344435695, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50243, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50261, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.7692644950533362, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50260, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9390402271006678, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50259, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9595244237312814, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50248, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 
0.9963515801867898, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50257, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8525560281790904, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50249, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9233846845974968, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50250, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9320583916030145, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50256, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8477372842944235, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50258, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7663309957563321, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50247, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.8969798417828733, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50262, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.6534341140937984, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50254, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9572836760424767, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50252, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.959619540756816, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50255, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9420132882437707, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:09.703] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-09 20:31:09.703] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:09.703] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:09.703] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:12.577] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24303 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T123112Z&X-Amz-Signature=c49ca0a06b8f1ce860d0cd3e003a282a2adf07c357e090a083c486556199afd1"} [2025-12-09 20:31:12.577] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:12.577] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:12.577] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:12.577] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:12.577] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:12.578] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:12.798] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl|result:{"code": 1, "total_count": 44, "alert_count": 44, "abnormal_count": 44, "normal_count": 0, "timestamp": 1765283472578, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53972, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
53965, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53997, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53968, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53963, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53961, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53984, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53980, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53981, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53959, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53960, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53990, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53995, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53967, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53979, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53969, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53977, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53973, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53958, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53994, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53962, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53998, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53999, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53991, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53985, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53956, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53987, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53992, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53989, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53976, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 53983, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53982, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53957, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53975, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53970, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53978, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53966, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53964, "dest_port": 
8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53971, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53974, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53986, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53993, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53996, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53988, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:31:12.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 44|max_alert: 1000 [2025-12-09 20:31:12.798] [DEBUG] 
[tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:12.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:12.798] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:15.737] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25051 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=7c32532c2bf79393c68220bea834dc66dad4e4fc02e83833497f4068573e367f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123115Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:31:15.737] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:15.737] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:15.737] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:15.737] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:15.737] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:15.738] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:15.924] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283475738, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", 
"dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50500, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9305351053377865, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:15.924] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:15.924] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:15.924] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:15.924] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:18.922] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25052 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123118Z&X-Amz-Signature=9dad33b4e50d4e30ee9c5fa746515734eaf42b97953e8130a9f03530f3f07b8e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:31:18.922] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:18.922] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:18.922] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:18.922] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:18.922] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load 
[2025-12-09 20:31:18.922] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:19.109] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283478923, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50500, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9305351053377865, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:19.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:19.109] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:19.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:19.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:22.110] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25410 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl?X-Amz-Date=20251209T123121Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=86eae92409168e704fa32959bb3de1b2d2c938911875090f64e58c2e8cb597c0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:31:22.110] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:22.110] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:22.110] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:22.110] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:22.110] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:22.111] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:22.331] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283482111, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50569, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.825496045424889, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:22.331] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:22.331] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:22.331] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:22.331] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:25.298] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25411 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl?X-Amz-Signature=f43544a8b91d24e678b5cdc865e7e351aecc27747b6b33417b6e0627cfa6514b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123124Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:31:25.298] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:25.298] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:25.298] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:25.299] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:25.299] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:25.299] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:25.486] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283485299, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50569, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.825496045424889, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:25.486] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:25.486] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:25.486] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:25.486] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:28.403] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24304 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123127Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=e09cc5cc6c26f2b5b36fe6f04372f6a857ceabc7fee06813cc1599fa2afa670b"} [2025-12-09 20:31:28.404] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:28.404] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:28.404] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:28.404] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:28.404] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:28.404] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:28.623] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl|result:{"code": 1, "total_count": 41, "alert_count": 41, "abnormal_count": 41, "normal_count": 0, "timestamp": 1765283488404, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49604, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49582, 
"dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49607, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49619, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49588, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49597, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49608, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49620, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49590, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49594, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49583, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49589, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49592, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49618, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49616, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49599, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49605, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49614, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49591, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49603, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49593, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49611, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49602, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49609, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49613, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49587, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49601, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49581, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49595, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49600, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 49617, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49586, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49585, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49598, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49580, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49612, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49596, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49584, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49610, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49606, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49615, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:31:28.624] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 41|max_alert: 1000 [2025-12-09 20:31:28.624] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:28.624] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:28.624] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:31.542] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25412 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123131Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=75908ac8381d85de345d2ca15ebdef358e8152877832fe00a019cb24c57e4ce1"} [2025-12-09 20:31:31.542] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:31.542] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:31.542] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:31.542] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:31.542] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:31.542] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:31.788] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl|result:{"code": 1, "total_count": 25, "alert_count": 25, "abnormal_count": 25, "normal_count": 0, "timestamp": 1765283491542, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55516, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.4861439463511227, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 
6, "src_port": 55507, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8479151318333323, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55521, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.683175538381093, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55491, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55492, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.978410510477356, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55512, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9996637986661145, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55509, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9788484568353747, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55508, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9205926825128992, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55503, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.8344600485778059, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55510, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9705696709660471, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55499, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9919847249709668, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55511, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.7518017274933435, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55513, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9884574425876593, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55519, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9244030807030922, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55526, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9999489778368087, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55500, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9732125747830981, "2_count": 25, "2_sum": 25, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55504, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.953287405158099, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55502, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6220932406878601, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55501, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5884585896065077, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55506, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9985808806330831, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55524, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9081297363527804, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55520, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9560234754077196, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55522, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9020602784234748, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55527, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.877067819234317, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55523, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9104551980051244, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:31:31.788] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 25|max_alert: 1000 [2025-12-09 20:31:31.788] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:31.788] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:31.788] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:34.753] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24305 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7d17873981048750f2b5c5e6fdc61d88204ea0fba2e774abe4347e8b1fb9ee82&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123134Z&X-Amz-Expires=604800"} [2025-12-09 20:31:34.753] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:34.753] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:34.753] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:34.754] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:34.754] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:34.754] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:34.974] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 15, "abnormal_count": 15, "normal_count": 0, "timestamp": 1765283494754, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49264, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.9936836379118769, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49265, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.9601105095785656, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49271, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.8185803805228302, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49274, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.7184302788435447, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49267, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.8337586644016376, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49276, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.9491400775322728, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49266, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.7928496912722264, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49272, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.9707353194610456, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 
6, "src_port": 49270, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.9708728045951633, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49273, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.5041510196558787, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49263, "dest_port": 11111, "y_pred": 2, "y_pred_proba_max": 0.37444461013879377, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49275, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.7875185270297703, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49268, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.6657972492085006, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49269, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.8393059320300892, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49277, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.5128746069253521, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:34.974] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 
15|max_alert: 1000 [2025-12-09 20:31:34.974] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:34.974] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:34.974] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:37.940] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24306 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123137Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9cbdfd97daa23d812074194fdb0da309504b099e10b1308f0a503f0cb3212415"} [2025-12-09 20:31:37.940] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:37.940] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:37.940] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:37.940] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:37.941] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:37.941] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:38.364] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl|result:{"code": 1, "total_count": 94, "alert_count": 94, "abnormal_count": 94, "normal_count": 0, "timestamp": 1765283497942, "module": 
"anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50546, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9611852689744803, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50545, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6991838598288953, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50562, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6726637272613716, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50468, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6513722053428411, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50502, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7284729223119077, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50595, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7069885543938568, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50478, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9640325880280208, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50554, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.547148693914978, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50544, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.967760317468009, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50504, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5818813931499597, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50534, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5378820905522878, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50594, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6723412834076596, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50464, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5679205309295502, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50532, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6355392877740413, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", 
"protocol": 6, "src_port": 50470, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7598104966549866, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50496, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8438746732113691, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50553, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5641488525719499, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50568, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9855319165742619, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50569, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6621893488977376, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50488, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5212420918696118, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50584, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.49984716327961465, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50472, "dest_port": 443, 
"y_pred": 3, "y_pred_proba_max": 0.7741656272533926, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50508, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8280642098816874, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50522, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7257603507282762, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50557, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.609785407538359, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50580, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5088205928391716, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50587, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5509229506867698, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50564, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7798580818209263, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50543, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8264696595255264, 
"2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50581, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7687144267248721, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50571, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8132972843039014, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50498, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5725934640769793, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50561, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5366583512548987, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50548, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9530085997090098, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50567, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7356269739626181, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50590, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5889019634149381, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50514, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8353560628238008, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50516, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6487260101291292, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50549, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5284025496324434, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50552, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8427121700328722, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50563, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5103206769427894, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50510, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5175364587970658, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50530, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.946590779339558, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50589, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6058266327383802, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50542, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7132749215115843, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50506, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6978935829835408, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50518, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5144408930574429, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50586, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.78137373685343, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50512, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.551792927266406, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50536, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.692728785477992, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", 
"protocol": 6, "src_port": 50490, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9120933472949622, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50466, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.603219252838853, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50480, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7891287316985423, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50484, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6193696143794897, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50547, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9538026490312367, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50577, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8152466674948295, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50592, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9091830877160461, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50593, "dest_port": 443, "y_pred": 
1, "y_pred_proba_max": 0.9526014311214747, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50596, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8955213457812187, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50526, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7203827601690431, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50482, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5732007657091788, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50551, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8255033610057049, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50538, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5042321957324439, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50572, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.675479520231925, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50474, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5566800330035623, "2_count": 94, 
"2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50574, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6441286676673514, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50500, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7423317379371447, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50560, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5627458172166783, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50575, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5666452912618911, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50573, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7623525473337257, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50583, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8199397298735734, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50528, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5597474272891048, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50555, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6512039867902256, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50520, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.970493896336863, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50570, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7283697743813531, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50582, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6357867694333225, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50576, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5355961317148258, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50588, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5927381274667691, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50565, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7324513125433934, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50492, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9979163560079994, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50550, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5250504310741484, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50559, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5478386206218998, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50591, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7616824572498813, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50579, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.619060314149335, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50585, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6089348955376772, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50476, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8704262128833964, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, 
"src_port": 50494, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8099670653693599, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50486, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5024617412979367, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50524, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6367329819993311, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50540, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9112056124995072, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50558, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.563914018789891, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50578, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5073603272821163, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50566, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6324865600531105, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50556, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.5146164051483021, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:38.364] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 94|max_alert: 1000 [2025-12-09 20:31:38.364] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:38.364] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:38.364] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:41.110] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25053 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl?X-Amz-Date=20251209T123140Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=24d56fd097c2a39f2af538d74fe649b6b75c9e95b77f4cf46e3fc216a032e7a2&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:31:41.110] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:41.110] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:41.110] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:41.111] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:41.111] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:41.111] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:41.295] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283501111, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49277, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8935787646173557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:41.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:41.295] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:41.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:41.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:31:44.321] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24307 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123143Z&X-Amz-Signature=f6396c3a3e003eac2cdeb2969ba3e5e46e5a5f724047023e4995f81e27c02a81&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:31:44.321] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:44.321] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:44.321] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:44.321] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:44.321] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:44.322] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:44.520] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283504322, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49277, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.8935787646173557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:31:44.520] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:31:44.520] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:44.520] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:44.520] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:47.441] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24308 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl?X-Amz-Signature=9b47f66ea3f9e7a9f70b9ce03298fcb3a116a04abc4222d9c587e754cd059e1a&X-Amz-Date=20251209T123146Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:31:47.441] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:47.441] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:47.442] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:47.442] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:47.442] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:47.442] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:47.651] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl|result:{"code": 1, "total_count": 29, "alert_count": 29, "abnormal_count": 29, "normal_count": 0, "timestamp": 1765283507442, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49223, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49229, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49227, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49231, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49222, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49214, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49230, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49226, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49233, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49238, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49240, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49225, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49215, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", 
"dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49234, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49232, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49221, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49219, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49216, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49236, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49235, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 49218, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49242, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49237, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49220, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49224, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49241, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49228, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 
49239, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49217, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:31:47.651] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 29|max_alert: 1000 [2025-12-09 20:31:47.651] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:47.651] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:47.651] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:50.547] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25054 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123150Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cb03d8fe946f5b257336613c37d04e73c1168b4eb2695ca5be1ce6da9722c4d7"} [2025-12-09 20:31:50.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:50.547] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:50.547] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:50.547] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function 
load [2025-12-09 20:31:50.547] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:50.548] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:50.754] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl|result:{"code": 1, "total_count": 26, "alert_count": 26, "abnormal_count": 26, "normal_count": 0, "timestamp": 1765283510548, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49266, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49265, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49267, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49268, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49254, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49270, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49259, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49257, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49261, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49273, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49258, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49271, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49272, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49274, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49263, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49255, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49269, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 
6, "src_port": 49260, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49262, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49253, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49256, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49252, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49264, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:31:50.754] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 
26|max_alert: 1000 [2025-12-09 20:31:50.754] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:50.754] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:50.754] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:53.690] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24309 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=8711869661ca44eab472be23b8aac0b54bc6d01099cbe2fecebfbc5bbd3a6681&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123153Z&X-Amz-Expires=604800"} [2025-12-09 20:31:53.690] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:53.690] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:53.690] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:53.690] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:53.690] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:53.691] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:53.893] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl|result:{"code": 1, "total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765283513691, "module": "anquanchu", "proto": "other", "alerted": true, 
"details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49665, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49654, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "23.6.178.36", "protocol": 6, "src_port": 49670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49655, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49669, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "184.28.50.138", "protocol": 6, "src_port": 49673, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49671, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 
6, "src_port": 49664, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49656, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49657, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49659, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49658, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49663, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49660, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49667, "dest_port": 8081, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49672, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49662, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49666, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49661, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49668, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49674, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49653, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:31:53.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-09 20:31:53.894] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:31:53.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:31:53.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:31:56.810] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24310 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123156Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4e1b7daad0c76199b884694e3e8d5146a58ef0dcd7eab4ff24bc03b4bdf203b8&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:31:56.811] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:31:56.811] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:31:56.811] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:31:56.811] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:31:56.811] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:31:56.811] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:31:57.051] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl|result:{"code": 1, "total_count": 
24, "alert_count": 24, "abnormal_count": 24, "normal_count": 0, "timestamp": 1765283516811, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49719, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49733, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49722, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49725, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49737, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49717, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49734, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, 
"2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49723, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49729, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49720, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49736, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49739, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49718, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49724, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49738, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49732, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49721, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49728, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49731, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49716, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49730, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49726, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49735, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49727, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:31:57.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 24|max_alert: 1000
[2025-12-09 20:31:57.051] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:31:57.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:31:57.051] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:32:00.008] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25413 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl?X-Amz-Signature=53eaf403f239644806678d661216a0128efef1a970dba16a91bd84cef737c5ad&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123159Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-09 20:32:00.008] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:32:00.008] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:32:00.008] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:32:00.008] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:32:00.008] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:32:00.009] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:32:00.422] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl|result:{"code": 1, "total_count": 90, "alert_count": 90, "abnormal_count": 90, "normal_count": 0, "timestamp": 1765283520009, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49468, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.991424703098734, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49452, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5824815831248397, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49456, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7113504543518123, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49462, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6575650333457976, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49494, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5894361588722348, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49479, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7045751573267934, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49501, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7722971478788869, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49491, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.590021371494072, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 
49511, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5402362624752578, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49482, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6123162487085643, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49527, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.607901017980649, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49528, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7413833303354331, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49530, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.606946734191249, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49460, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7345915618399619, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49532, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9867898615092959, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49446, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.6819932509013528, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49472, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7855186115373806, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49483, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9920394507196982, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49463, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.596358860579432, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49464, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9725273986502229, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49480, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6975985663579318, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49524, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7484934829667146, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49470, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7307834057424551, "2_count": 90, "2_sum": 90, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49445, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5022010760095998, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49477, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8043759669497067, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49490, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6812331374457752, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49504, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5379185287947265, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49473, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5472655616410581, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49493, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5453117199121083, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49471, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6443961464301183, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49441, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6546824185167645, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49476, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5875019532739597, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49443, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5815255122524343, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49461, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.695573505717408, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49500, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7649039296093657, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49502, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6838795189887472, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49484, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6817420112712123, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49496, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5566837274198926, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49475, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9670619280029501, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49513, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.659217037147992, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49481, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7767141245395189, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49518, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6303482610664398, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49529, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6563250061570197, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49489, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7220707948083799, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 
49454, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5124936847947613, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49525, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6579941274407572, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49459, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9762049068847556, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49510, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5148096984077899, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49512, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6591209109714081, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49488, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6616371768840189, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49519, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5533439031860232, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49503, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6661850386831465, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49449, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.75274523507748, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49508, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5529891203143705, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49520, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5256540631220632, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49492, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6153417684302692, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49465, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7601390104922476, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49495, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5871797644337234, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49507, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5641175068064324, "2_count": 90, "2_sum": 90, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49506, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.706125616473185, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49521, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5315625832236843, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49531, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6168154502485174, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49497, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5826337556096496, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49515, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6992166048822275, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49447, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9922254502108101, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49450, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5338028945587453, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49451, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5289609510416242, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49474, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6793304625309812, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49469, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5539180304264643, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49499, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5528003035167757, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49458, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6204198361499252, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49485, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5396349590131616, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49487, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5472639091892713, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.39", "protocol": 6, "src_port": 49509, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5323659322918523, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49514, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6642862606437206, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49453, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5083155836842734, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49466, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6213956143147675, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49467, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7175003227798448, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49478, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5464312476939353, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49505, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6566182337069786, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49517, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5014922349484835, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49523, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5342119033905562, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49516, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.607980260209452, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49457, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.682120491564812, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49522, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6663533911925095, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49448, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6200626202805145, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49455, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5154830697824938, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49486, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6369198273676046, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49526, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6919893005821942, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49498, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6268955225011414, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-09 20:32:00.422] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 90|max_alert: 1000
[2025-12-09 20:32:00.422] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:32:00.422] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:32:00.422] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:32:03.113] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24311 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=5455a5675ffa713abf18b634720d5559d536925c0cdef666488dca8fce5b746b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123202Z&X-Amz-Expires=604800"}
[2025-12-09 20:32:03.113] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:32:03.113] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:32:03.114] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:32:03.114] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:32:03.114] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:32:03.114] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:32:03.317] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl|result:{"code": 1, "total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765283523114, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49239, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", 
"protocol": 6, "src_port": 49240, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49219, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49220, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49221, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49224, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49228, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49225, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 
49231, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49222, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49223, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49232, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49229, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49227, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 11112, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49230, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49226, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:32:03.317] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-09 20:32:03.317] 
[DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:03.317] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:03.317] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:06.221] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25055 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=980c8f887bf933fa4ab22ef58036797f47217adfb127e3aa9fb79abc6ae09633&X-Amz-Expires=604800&X-Amz-Date=20251209T123205Z"} [2025-12-09 20:32:06.221] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:06.221] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:06.222] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:06.222] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:06.222] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:06.222] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:06.425] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl|result:{"code": 1, "total_count": 23, "alert_count": 23, "abnormal_count": 23, "normal_count": 0, "timestamp": 1765283526222, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49217, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49216, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 
6, "src_port": 49219, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49215, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49220, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, 
"dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 11112, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49218, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:32:06.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 23|max_alert: 1000 [2025-12-09 20:32:06.425] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:06.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:06.425] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:09.340] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25414 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e3dbd8d097feb4e9389df9077360f2138e6b10543a6c740ca04f1b1de1739f41&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123208Z"} [2025-12-09 20:32:09.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:09.340] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:09.340] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:09.340] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:09.340] [INFO] 
[tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:09.341] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:09.544] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl|result:{"code": 1, "total_count": 23, "alert_count": 23, "abnormal_count": 23, "normal_count": 0, "timestamp": 1765283529341, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49460, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49458, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49461, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49462, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49467, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 49450, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49447, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49451, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49453, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49449, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "150.171.28.10", "protocol": 6, "src_port": 49241, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49456, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49463, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49455, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49452, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49457, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49454, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49459, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49465, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49468, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49464, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49448, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49466, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:32:09.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 23|max_alert: 1000 [2025-12-09 20:32:09.544] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:09.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:09.544] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:32:12.530] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25056 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123212Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3a04445f672fe66d0b68b746e0176ef6730571c792bcde91802f196275382053"} [2025-12-09 20:32:12.530] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:12.530] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:12.530] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:12.530] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:12.530] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:12.531] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:12.718] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283532532, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50549, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8492959321830071, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:12.718] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:12.718] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:12.718] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:12.718] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:15.688] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25057 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123215Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=458aa3017f02543fb554acdc1ff4c908f95bd110a74f72dc62f80b032785e458"} [2025-12-09 20:32:15.688] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:15.688] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:15.688] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:15.688] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:15.688] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:15.688] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:15.874] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 
0, "timestamp": 1765283535689, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49290, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8777284509713295, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:15.874] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:15.874] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:15.874] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:15.874] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:18.847] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25058 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123218Z&X-Amz-Signature=f295b3ecb15533b42d30e0829591a940d52ee869c682f8d4cfb0ab6b7dba8d12&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:32:18.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:18.847] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:18.847] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:18.847] [INFO] 
[tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:18.847] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:18.848] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:19.034] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283538848, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49290, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8777284509713295, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:19.034] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:19.034] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:19.034] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:19.034] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:32:22.058] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24312 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123221Z&X-Amz-Signature=3637bacd3490ecdc886f6feca0da528688a228e5855130e767b48cb4c1ac072b"} [2025-12-09 20:32:22.058] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:22.058] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:22.058] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:22.058] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:22.059] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:22.059] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:22.256] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283542059, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50549, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8492959321830071, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:22.256] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:22.256] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:22.256] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:22.256] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:25.251] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24313 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl?X-Amz-Date=20251209T123224Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=20862ee9c89f3adba39687509604ad78414ae3ac0574bfa1ab18a3c5eff4d42f&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:32:25.251] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:25.251] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:25.251] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:25.252] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:25.252] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:25.252] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:25.664] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl|result:{"code": 1, "total_count": 90, "alert_count": 90, "abnormal_count": 90, "normal_count": 0, "timestamp": 1765283545253, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51360, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5623515585566103, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51340, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5613004594768036, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51374, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.770036275709574, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51444, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5689669749614265, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51432, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7425973885718423, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51398, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6957457672108931, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51423, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.729258416520846, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51388, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5202683248737405, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51356, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6236045882243191, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51336, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9979460988356845, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51322, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6012791940143964, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51430, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7457409516726554, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51456, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8811388108992803, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, 
"src_port": 51342, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6165398056635369, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51450, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8031181644481512, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51429, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5489358598047054, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51447, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5252912989087726, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51420, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6130535942857759, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51380, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7851350207439267, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51396, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5617204323198931, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51410, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.7151713818375162, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51435, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8244751246801969, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51441, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5569243695678362, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51332, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7245359046778231, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51404, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7573675986377141, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51449, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6293177743657515, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51326, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5351507584216124, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51344, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9927495624786069, "2_count": 90, 
"2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51427, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6215147128944174, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51316, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5860054587632569, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51376, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8347741106371109, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51408, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.625162396821717, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51428, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5688012678160036, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51334, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6127407946951313, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51402, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9119743907911747, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51328, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5362628335612337, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51378, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8726666891810971, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51431, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7336579305789526, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51312, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6734190119775048, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51318, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.544471568308583, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51433, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5470748257606949, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51436, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.918583878800292, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51324, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5039576597456624, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51390, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.661523523406917, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51452, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8542808420811819, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51439, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6355764444341245, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51314, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6724818350650889, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51406, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5867775161085178, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51372, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7092782953274414, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, 
"src_port": 51434, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6719150723445916, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51446, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9497314686322079, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51453, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5269543570214478, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51348, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5987912796845684, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51352, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.684233490494642, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51400, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7184670774761085, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51412, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7135545614189165, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51350, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.5522919826985178, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51422, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7552403728617595, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51320, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9949454835370803, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51384, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5619324389005113, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51416, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9824235720224288, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51424, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5519351741871237, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51362, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9243937567511127, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51418, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6677071382398372, "2_count": 90, 
"2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51366, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5591067532865295, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51382, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5409098129599171, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51425, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5372299788246396, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51370, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8118931594784338, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51437, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6539839260359753, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51338, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5727862990526253, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51440, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7189929318211459, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51445, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.705933990966164, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51451, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7076495761693308, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51354, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6758381458412803, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51454, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.726360335840861, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51414, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.611002406814032, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51438, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6816617389528793, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51346, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7741569806267606, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51394, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5643594079789483, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51368, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8570694449630251, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51392, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5182159599943675, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51442, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7064533890274473, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51358, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6669310964883991, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51386, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8601014616454727, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51426, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5875052502067546, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 
6, "src_port": 51443, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6085357449663986, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51455, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6587788184298815, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51330, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5559702533665464, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51364, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5159812346109576, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51448, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6077268354601754, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:25.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 90|max_alert: 1000 [2025-12-09 20:32:25.664] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:25.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:25.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:32:28.426] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24314 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl?X-Amz-Signature=b45d64b2e717f57292b35a6f99d132212d440444c1b76fd5e9534070dfc60876&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123227Z"} [2025-12-09 20:32:28.426] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:28.426] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:28.427] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:28.427] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:28.427] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:28.427] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:28.611] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283548427, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49276, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6770707303795201, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:28.611] 
[INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:28.611] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:28.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:28.611] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:31.563] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25059 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=19763c624911c529d999e9194f4d528d2a1c4a146919eb62eeb60eb81c8452f7&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123231Z"} [2025-12-09 20:32:31.563] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:31.563] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:31.563] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:31.563] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:31.563] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:31.563] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:31.782] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283551563, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49276, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6770707303795201, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:31.782] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:31.783] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:31.783] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:31.783] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:32:34.667] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24315 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123234Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9a5f50214ae7d7fed670b2bc7c5f7277118e9f2423c0f2d19b6878f948c56b91"} [2025-12-09 20:32:34.667] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:34.667] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:34.667] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:34.667] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:34.667] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:34.668] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:34.865] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl|result:{"code": 1, "total_count": 18, "alert_count": 18, "abnormal_count": 18, "normal_count": 0, "timestamp": 1765283554668, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49505, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 49502, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49518, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49504, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49507, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49508, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49515, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49506, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49510, "dest_port": 8889, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49516, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49509, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49513, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49519, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49517, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49512, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49511, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49503, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49514, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:32:34.865] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 18|max_alert: 1000 [2025-12-09 20:32:34.865] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:34.865] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:34.865] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:32:37.791] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24316 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl?X-Amz-Signature=f1e5d977c612796c38b53ae823f8b6ce50f1248ae8d02de0b1de2064e9dd72f0&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123237Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:32:37.791] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:37.791] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:37.791] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:37.791] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:37.791] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:37.792] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:37.989] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl|result:{"code": 1, "total_count": 16, "alert_count": 16, "abnormal_count": 16, "normal_count": 0, "timestamp": 1765283557792, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49297, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49304, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49298, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49302, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49305, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49293, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49294, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49299, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49300, "dest_port": 9999, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49301, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49306, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49303, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49308, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49296, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49295, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49307, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:32:37.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 16|max_alert: 1000 [2025-12-09 20:32:37.989] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:37.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:37.989] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:40.937] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25060 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=35801368f9f16c0dca520f5d711206346ae62b29112dcb4a3603a029c7255d95&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123240Z"} [2025-12-09 20:32:40.937] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:40.937] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:40.937] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:40.937] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:40.937] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:40.938] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:41.126] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283560938, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49289, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8173263833964768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:41.126] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:41.126] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:41.126] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:41.126] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:32:44.132] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25061 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123243Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=411961d28ef8d27bb1d1e393aed5db6c527c52530e68e72d8d6f429c775f07ee"} [2025-12-09 20:32:44.132] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:44.133] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:44.133] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:44.133] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:44.133] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:44.134] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:44.334] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283564134, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49289, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.8173263833964768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:44.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:44.334] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:44.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:44.334] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:47.312] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24317 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123246Z&X-Amz-SignedHeaders=host&X-Amz-Signature=424330c592f3db81c02ebf3b0753cbad4d20f99764e52a1659ba52b1ab64a630"} [2025-12-09 20:32:47.312] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:47.312] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:47.312] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:47.312] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:47.312] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:47.312] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:47.495] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283567312, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50369, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9808746490590238, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:47.495] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:47.495] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:47.495] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:47.495] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:32:50.483] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25062 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl?X-Amz-Date=20251209T123249Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f24c40c8fa2a31d02c5fe55726707aee2f51b44b88dfcf0aa6e015e8e958f593"} [2025-12-09 20:32:50.483] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:50.483] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:50.483] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:50.483] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:50.483] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:50.484] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:50.670] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283570484, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50369, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9808746490590238, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:50.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:50.670] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:50.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:50.670] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:53.600] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25063 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T123253Z&X-Amz-Signature=22a786f4b2d8c0f2c90c0207b65821a5f7e883349e83f19886a93cf47517acae&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:32:53.600] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:53.600] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:53.600] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:53.600] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:53.600] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:53.601] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:53.808] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765283573601, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49244, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49262, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49255, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49258, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49245, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49250, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 49260, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49254, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49256, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49246, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49251, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49257, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49252, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49261, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49248, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49247, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49259, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49249, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49253, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:32:53.808] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-09 20:32:53.808] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:53.808] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:32:53.808] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:56.782] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24318 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123256Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=172cfedc8165c25d6a803f00947874c679bfc1344641b8c3418f864a78f35a59&X-Amz-SignedHeaders=host"} [2025-12-09 20:32:56.782] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:56.782] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:56.783] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:56.783] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:56.783] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:56.783] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:32:56.970] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283576784, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50482, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.45310155500515314, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:32:56.970] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:32:56.970] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:32:56.970] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:32:56.970] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:32:59.942] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25064 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123259Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=363c9e4609a5b9be8c5e1ee7fbf4517d7ebdec070b6c3d2fc55dfe7954672b34&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:32:59.943] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:32:59.943] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:32:59.943] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:32:59.943] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:32:59.943] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:32:59.943] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:00.130] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283579943, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50482, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.45310155500515314, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:00.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:00.130] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:00.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:00.130] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:03.108] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25415 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl?X-Amz-Date=20251209T123302Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=2ad8f5c6ea0375709fa5e416ee033131eb8224236c24653ebbfac93382950cbe"} [2025-12-09 20:33:03.108] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:03.108] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:03.108] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:03.108] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:03.108] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:03.109] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:03.295] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283583109, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50370, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9775966523603508, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:03.295] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:03.295] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:03.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:03.295] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:06.289] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25065 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123305Z&X-Amz-Signature=e9b320d39779019465b6c0fd3c56e090b96d61224a28049e9bb509fff7f3c091&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:33:06.289] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:06.289] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:06.290] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:06.290] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:06.290] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:06.291] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:06.478] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283586291, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50370, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9775966523603508, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:06.478] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:06.478] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:06.478] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:06.478] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:09.470] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25416 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl?X-Amz-Date=20251209T123308Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3d9a65851c6ba9e6c0b4619fa22b0f4672913032a9b60cdee63a4bd022486132&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:33:09.470] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:09.470] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:09.471] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:09.471] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:09.471] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:09.472] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:09.664] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283589472, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50566, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6385751642051006, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:09.664] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:09.664] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:09.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:09.664] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:12.652] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25066 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl?X-Amz-Signature=30cb7a868f6f8dfe2d6b6658c0b59fe10fd39caa92c9a837cde293121220fd20&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123312Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:33:12.652] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:12.652] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:12.652] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:12.652] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:12.652] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:12.653] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:12.840] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283592653, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50566, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6385751642051006, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:12.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:12.840] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:12.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:12.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:15.755] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25417 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl?X-Amz-Signature=e1c5d17c28d6d9f0cb852132e62b803528e4872ea49a28e6dd30aea3cfb34baf&X-Amz-Date=20251209T123315Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:33:15.755] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:15.755] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:15.755] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:15.755] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:15.755] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:15.756] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:15.950] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl|result:{"code": 1, "total_count": 11, "alert_count": 11, "abnormal_count": 11, "normal_count": 0, "timestamp": 1765283595756, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49770, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49769, 
"dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49772, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49774, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49777, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49773, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49778, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49779, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49771, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49776, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49775, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:33:15.950] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-09 20:33:15.950] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:15.950] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:15.950] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:18.964] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25067 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl?X-Amz-Signature=b0064e88e2571ba1821f7a12894130a510ec047180923e434c04f35f1a10509e&X-Amz-Date=20251209T123318Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:33:18.964] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:18.964] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:18.964] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:18.964] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:18.964] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:18.965] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:19.177] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283598965, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49161, "dest_port": 51129, "y_pred": 2, "y_pred_proba_max": 0.7683776990714972, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:33:19.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:19.177] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:19.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:19.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:22.158] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25418 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl?X-Amz-Date=20251209T123321Z&X-Amz-Signature=17ccebf9bbec49f04e23eea89d4bc5b55ea680ebda3be0f02216409d282d3780&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:33:22.158] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:22.158] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:22.158] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:22.158] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:22.158] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:22.159] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:22.348] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283602160, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49288, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9783858699772497, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:22.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:22.348] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:22.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:22.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:25.361] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25419 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=267c0a0b14402f465d00b1f1a5aeb1a3adf2e585ec3d3062ecb0efa5175d36b2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123324Z"} [2025-12-09 20:33:25.361] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:25.361] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:25.361] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:25.361] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:25.361] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:25.361] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:25.560] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283605361, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49288, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9783858699772497, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:25.560] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:25.560] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:25.560] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:25.560] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:28.519] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24319 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl?X-Amz-Date=20251209T123328Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=51d20c3bbf7ff3fc85a26f4b51ccfbdd2db00463b1d64d1f3eed43892ddac64f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:33:28.519] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:28.519] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:28.519] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:28.519] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:28.519] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:28.519] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:28.706] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283608520, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50557, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9373910290954762, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:28.706] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:28.706] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:28.706] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:28.706] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:31.737] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25068 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=2c107275d7da547fffccf121c8ba153e2cb752986ed6231664363d01dfba2eff&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123331Z&X-Amz-Expires=604800"} [2025-12-09 20:33:31.737] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:31.737] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:31.737] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:31.737] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:31.737] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:31.737] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:31.939] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283611738, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50557, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9373910290954762, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:31.939] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:31.939] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:31.939] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:31.939] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:34.889] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24320 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl?X-Amz-Signature=4d72025539ebbd7c1f58a36f5f8ef21e62e52412d0d81edc8a5f985df14c9405&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123334Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:33:34.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:34.889] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:34.889] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:34.889] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:34.889] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:34.890] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:35.072] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283614890, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49275, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9185194083118303, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:35.072] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:35.072] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:35.072] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:35.072] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:38.098] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24321 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl?X-Amz-Date=20251209T123337Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cb8db4039eb8daf55dc27b35edcacf614e4ebe1b2dd2abd8a980b38739355a92"} [2025-12-09 20:33:38.099] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:38.099] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:38.099] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:38.099] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:38.099] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:38.099] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:38.309] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283618100, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49275, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9185194083118303, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:38.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:38.309] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:38.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:38.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:41.257] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25420 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123340Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=54e7f7e4a79d8e1698bf68adf5063ce05ce7967200893bacfd870ff2b70ecea7"} [2025-12-09 20:33:41.257] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:41.257] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:41.258] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:41.258] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:41.258] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:41.258] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:41.484] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283621258, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49287, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9196451214947032, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:41.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:41.484] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:41.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:41.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:44.436] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25421 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123343Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=59246409b108bd97abe91086eefe1008db7e99271a8d52fe5479e1f1e5a6bd29"} [2025-12-09 20:33:44.436] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:44.436] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:44.436] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:44.436] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:44.436] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:44.436] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:44.618] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283624437, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49287, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9196451214947032, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:44.618] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:44.618] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:44.618] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:44.618] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:47.658] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25069 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl?X-Amz-Date=20251209T123347Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d070c9f1fad6a3a4490263f3ceb3b3b3d10435e7a3bb37b35921d0044ff13980"} [2025-12-09 20:33:47.658] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:47.658] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:47.658] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:47.658] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:47.658] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:47.658] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:48.055] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl|result:{"code": 1, "total_count": 80, "alert_count": 80, "abnormal_count": 80, "normal_count": 0, "timestamp": 1765283627658, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50016, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5973408752956876, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49997, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7595764567170391, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50017, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5126317805497819, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49965, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6531620012287473, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49972, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5524498089566189, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49952, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5091455549440063, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50032, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6387267754455331, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49991, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6810683210938557, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49992, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9827369941385252, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50010, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.533498144812679, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50001, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5459330375956434, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50018, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5110580933442652, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50013, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5526232311972807, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, 
"src_port": 50009, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6144328092860509, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49974, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7995098274011299, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49988, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9902387015626368, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50026, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6083669672342925, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49981, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.59164166555831, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6784933953486849, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49982, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7544703228860329, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50014, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.5777948650150248, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50023, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5748495527829497, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49989, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7111372270866854, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50024, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7299816814923631, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49985, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7899963916430714, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50030, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5303612185224401, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50027, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6740535908658616, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50021, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7636279928629104, "2_count": 80, 
"2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50031, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6257465530286616, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49976, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6060498259280919, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49987, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7439166702994939, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50022, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6028831533738312, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49968, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6629888180424506, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49971, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5980179024082813, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49954, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6050377157364358, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50003, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5846644029436604, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50020, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.634253548647103, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50002, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8206839068554096, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49963, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5992755118696106, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49956, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7344888959447603, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49995, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7774524223939101, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49994, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6011464815712649, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50005, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7641371717396375, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49996, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9878122062996755, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49999, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5514991554710011, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49970, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5357779074294211, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49986, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7301013257121356, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49990, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7119592523807355, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50015, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6900970307293702, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 
6, "src_port": 50008, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5334381985888891, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49993, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6141013357476438, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50000, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7378891602627088, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50029, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6725985852957731, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50033, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9919519309011668, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49959, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6953602965575458, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49964, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6066803816067922, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49962, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.6147130260899828, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49958, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6363029979065304, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50025, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5093077470645999, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50028, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5262059467082773, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49979, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5763897777191251, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49966, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6222665733341329, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49961, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6564067243467433, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49975, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6070117865114136, "2_count": 80, 
"2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49977, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6970618249174817, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49960, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7262220376531319, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49957, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6391275377848563, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50019, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5421615983370501, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49984, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9933055255614424, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49967, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6184394933444798, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50006, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6413859888941502, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49973, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.511021878025611, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49980, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6127460862510891, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50004, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7066473226866763, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49978, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8772553231692971, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50007, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5459255778297224, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5488108360844786, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49998, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.523571007562238, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50011, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7431681293642223, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50012, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8590516028663469, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:33:48.056] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 80|max_alert: 1000 [2025-12-09 20:33:48.056] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:48.056] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:48.056] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:50.820] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25422 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123350Z&X-Amz-SignedHeaders=host&X-Amz-Signature=485b7d353e6cf981ae7cd5c1f3dc2380d85b74d8dd3aa08d13ee04e942b66b5a&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:33:50.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:50.820] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:50.820] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 
20:33:50.820] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:50.820] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:50.821] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:51.135] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl|result:{"code": 1, "total_count": 51, "alert_count": 51, "abnormal_count": 51, "normal_count": 0, "timestamp": 1765283630821, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50445, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9967850187757732, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50463, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7212493263319284, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50466, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9385947596844778, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50479, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8608551881795766, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50489, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7730757449807033, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50491, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9055755776829566, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50482, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7632523561242499, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50465, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9918610516124646, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50446, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6207118035310338, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50464, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9927556625666566, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50480, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8768360047823152, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50469, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9630902025436278, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50481, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6620730752219484, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50471, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8753867325600264, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50456, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6550124542186542, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50467, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7115084736428052, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50447, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9948477535374655, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50477, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8894632108572206, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50476, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9444439587238346, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 50484, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.777173441974523, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50485, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8079560299283343, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50490, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9083148784560441, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50492, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9985325956810535, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50493, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7927906307368934, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50449, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6400137191298733, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50470, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9778479528954627, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50450, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.9966468616913028, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50453, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9465658811252624, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50483, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5945419797780971, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50451, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8274199630783736, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50454, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9237116769276617, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50461, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8766804159278622, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50475, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5976508091250565, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50474, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.774733297741169, "2_count": 51, "2_sum": 51, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50468, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8018646925426739, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50457, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8881844764676449, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50473, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8748114553943344, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50458, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9351269276217935, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50478, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8867138406207913, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50460, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9337957409302919, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50459, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9417957198933872, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50486, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8854999027550163, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50487, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.6872012369079102, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50488, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8096350199225714, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50448, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8561333002701108, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50495, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9438502507410287, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50455, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8178259229147375, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50452, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9622542297552491, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 50462, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8739267281198654, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50472, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9501198340432971, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50496, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9188679536963599, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:33:51.135] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 51|max_alert: 1000 [2025-12-09 20:33:51.135] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:51.135] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:51.135] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:33:53.975] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25423 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=2576935b3043a27e26cf7b690c113ab39ca803930954cb248bebd5775cc4fb86&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123353Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:33:53.975] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:53.975] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:53.975] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:53.975] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:53.975] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:53.976] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:54.161] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283633976, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50563, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9928590794685879, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:54.161] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:54.161] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:54.161] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:54.161] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:33:57.154] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25070 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123356Z&X-Amz-SignedHeaders=host&X-Amz-Signature=4ed600b5d37e55f472c8b7100cea3a028ce86f92022516bb68a58d7aa9f99eed"} [2025-12-09 20:33:57.154] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:33:57.154] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:33:57.154] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:33:57.154] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:33:57.154] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:33:57.155] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:33:57.340] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283637155, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50563, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9928590794685879, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:33:57.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:33:57.340] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:33:57.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:33:57.340] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:00.332] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24322 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl?X-Amz-Expires=604800&X-Amz-Signature=f9b6c5ce84cff98a328263f62a4bf610c1b99a96f40cc331d1055dc157e6967b&X-Amz-Date=20251209T123359Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:34:00.332] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:00.332] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:00.332] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:00.332] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:00.332] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:00.333] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:00.518] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283640333, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50415, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9566455107415062, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:34:00.518] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:00.518] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:00.518] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:00.518] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:03.521] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25424 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3c6670458bc077ecfd98eaff6e2030fdf1711c94d64f8aa724e49bd8d0f00c4d&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123402Z"} [2025-12-09 20:34:03.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:03.521] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:03.521] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:03.521] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:03.521] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:03.522] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:03.720] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283643522, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50415, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9566455107415062, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:03.720] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:03.720] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:03.720] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:03.720] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:06.641] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24323 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl?X-Amz-Expires=604800&X-Amz-Signature=817360388068957fa7d6293153226bdb1630b43b170cc1fbf5e4765fcf8c3244&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123406Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:34:06.641] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:06.641] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:06.641] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:06.641] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:06.642] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:06.642] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:06.847] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl|result:{"code": 1, "total_count": 26, "alert_count": 26, "abnormal_count": 26, "normal_count": 0, "timestamp": 1765283646642, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49632, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49641, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49623, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49629, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49640, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49642, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49622, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49624, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49631, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49635, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49644, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49645, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49628, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49626, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49621, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49620, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49637, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49634, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49627, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49638, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49636, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49639, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49625, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49630, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49643, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49633, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:34:06.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 26|max_alert: 1000 [2025-12-09 20:34:06.847] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:06.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:06.847] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:09.781] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24324 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123409Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3822a752692736bb63fae1de72a82ca8867bebc225708f5efe45a899e9d32cb4&X-Amz-SignedHeaders=host"} [2025-12-09 20:34:09.781] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:09.781] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:09.781] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:09.781] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:09.781] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:09.782] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:09.967] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283649782, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50412, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.961244287689948, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:34:09.967] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:09.967] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:09.967] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:09.967] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:12.957] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24325 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123412Z&X-Amz-Signature=c418fe80b4d5b23e9198dfe902f552e335e4b9aea5b3014b02a40c086f545523"} [2025-12-09 20:34:12.958] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:12.958] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:12.958] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:12.958] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:12.958] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:12.958] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:13.176] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283652959, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50412, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.961244287689948, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:13.176] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:13.177] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:13.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:13.177] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:16.110] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25425 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5efc711b9a5dbcbb5aa1c124d8f97f63bcf1d9fe292257eb41d2ee3ec4eec9f5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T123415Z"} [2025-12-09 20:34:16.110] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:16.110] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:16.110] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:16.110] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:16.110] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:16.110] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:16.296] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283656111, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49274, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9475923862428122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:16.296] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:16.296] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:16.296] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:16.296] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:19.287] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24326 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123418Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=cba3a4bf58682bb4cede6fc87057cdebec476deafcd121bc2a737a6ea864916c"} [2025-12-09 20:34:19.287] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:19.287] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:19.288] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:19.288] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:19.288] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:19.288] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:19.477] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283659288, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49274, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9475923862428122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:19.477] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:19.477] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:19.477] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:19.477] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:22.479] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24327 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0c18f418e790543f41cda60fc17e66e89bb9d143affa9dee1cec99936dab2bef&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123422Z&X-Amz-Expires=604800"} [2025-12-09 20:34:22.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:22.479] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:22.479] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:22.479] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:22.479] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:22.480] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:22.870] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl|result:{"code": 1, "total_count": 76, "alert_count": 76, "abnormal_count": 76, "normal_count": 0, "timestamp": 1765283662480, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49220, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7318273903580081, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.39", "protocol": 6, "src_port": 49246, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5056733612666298, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49221, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8658658540985611, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49224, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6698283090647289, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49229, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.613742207880986, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49233, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8084731439855268, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49263, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6080650501264456, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49190, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7229230726284015, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49257, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5208920563208368, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49214, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5261868710854988, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49242, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5812314610471208, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49200, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5217023381459583, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49202, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5811762708080267, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49230, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9937176910462588, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49254, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6580376481514761, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49256, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6281403581540339, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49260, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5457526343032756, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49186, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6267671997196244, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49218, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5908848484829133, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49264, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7578437493255555, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49253, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6599500244845031, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49212, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6300536494243009, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49215, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5140786453261911, "2_count": 76, "2_sum": 76, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49236, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7227390099663921, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49228, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7250207761626102, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49244, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5814739130967891, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49182, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6734925930710424, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49206, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7516297304786235, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49250, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5775056590314713, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49231, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5536283905221424, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49204, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6543283184875964, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49216, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6209284583836192, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49174, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6248472244401541, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49184, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6031550006145634, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49194, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7950940516709619, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49239, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7075482074673664, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49252, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5822834392028516, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49248, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.618043122757581, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49243, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6582920260542253, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49222, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6442998904092805, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49205, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7463630278584541, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49227, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7122963155841672, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49180, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5474971418071267, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49265, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931520009043627, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 
49234, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5006858783819141, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49261, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7118598027618485, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49235, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6520458829158031, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49238, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6308904933455395, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49198, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6916111843982602, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49211, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9923675172895208, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49259, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5080873430339278, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49223, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.543049427720714, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49176, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5491783414771263, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49196, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7766822355730967, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49192, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6832329150933986, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49241, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5200177337823262, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49172, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5353306400865453, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49219, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7598957667591607, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49225, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9943734437108162, "2_count": 76, "2_sum": 76, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49258, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5979215075013885, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49208, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5154196129810762, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49217, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9948242293681544, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49232, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7939669149758993, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49178, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6395542261025086, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49237, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7317551676640563, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49245, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7280543207592937, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49209, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6886356147053031, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49255, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6088901244312445, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49262, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5589559011649154, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49251, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.647303010716762, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49249, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6529116374717252, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49170, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6599810656449128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49188, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.791836937323343, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49226, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.502240092652947, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49247, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8401069702409798, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49240, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5340017481482312, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:34:22.870] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 76|max_alert: 1000 [2025-12-09 20:34:22.870] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:22.870] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:22.870] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:25.660] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25071 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123425Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=65631f67e3205fc600185514b0766d1077b3e8aabb7b51f878fc1eb5e1e57fd4"} [2025-12-09 20:34:25.660] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:25.660] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:25.660] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:25.660] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:25.660] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:25.661] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:25.845] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283665661, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49286, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.39051859700336666, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:34:25.845] 
[INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:25.845] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:25.845] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:25.845] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:28.820] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25426 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T123428Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a1e375fc328876e1c6de947d31aea49715c34cb3ae73db8e021bde8423eb291c"} [2025-12-09 20:34:28.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:28.820] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:28.820] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:28.820] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:28.820] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:28.821] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:29.006] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283668821, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49286, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.39051859700336666, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:34:29.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:29.006] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:29.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:29.006] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:31.980] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25072 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123431Z&X-Amz-Signature=6201b2da00d6660c1c8bd0cb72c45ad1dc89c41293cc4bcbb4fbb6f5f937caa4"} [2025-12-09 20:34:31.980] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:31.980] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:31.980] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:31.980] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:31.980] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:31.981] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:32.166] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283671981, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50353, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9896802619072912, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:32.166] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:32.166] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:32.166] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:32.166] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:35.165] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25073 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=619496b05b2a4201c49c63a05035c0625eff23f5fa815810279b8b9276d56a96&X-Amz-Expires=604800&X-Amz-Date=20251209T123434Z"} [2025-12-09 20:34:35.165] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:35.165] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:35.165] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:35.165] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:35.165] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:35.166] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:35.352] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283675166, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50353, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9896802619072912, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:35.352] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:35.352] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:35.352] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:35.352] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:38.347] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25074 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6add8fa8a7c5d79735b3b74d47c6bbe691f5dcad0014c52dfc305e409f72a899&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123437Z&X-Amz-Expires=604800"} [2025-12-09 20:34:38.348] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:38.348] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:38.348] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:38.348] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:38.348] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:38.348] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:38.534] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283678348, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49273, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9246137845292827, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:38.534] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:38.534] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:38.534] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:38.534] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:41.536] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24328 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1dd5b5a01d2710546a2c7ae12cf5a90e206c9989870d7ca9b8eeb00e1574bda1&X-Amz-Date=20251209T123441Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:34:41.536] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:41.536] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:41.536] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:41.536] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:41.536] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:41.536] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:41.739] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283681536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49273, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9246137845292827, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:41.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:41.739] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:41.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:41.739] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:44.695] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25427 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=af300caacd67b07a638fc27af6f9d3ece01f4668651ec7421683afa959134e17&X-Amz-Date=20251209T123444Z"} [2025-12-09 20:34:44.695] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:44.695] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:44.695] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:44.695] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:44.695] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:44.696] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:44.881] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283684696, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50554, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6960203398639496, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:44.881] [INFO] [tid:130855398528704] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:44.881] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:44.881] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:44.881] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:47.904] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24329 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123447Z&X-Amz-Signature=a72b0e8f4152abe40c8e9eaa06edfe88ad69e085fa62afcd8bf3296201eb24fd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:34:47.905] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:47.905] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:47.905] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:47.905] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:47.905] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:47.905] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:48.136] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283687905, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50554, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6960203398639496, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:48.136] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:48.136] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:48.136] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:48.136] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:51.059] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25428 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123450Z&X-Amz-Expires=604800&X-Amz-Signature=a458a4226c3297d2f93d5ac7b41b33627ebc6ae5d64a407cf0c6cef94c0bccbc&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:34:51.059] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:51.060] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:51.060] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:51.060] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:51.060] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:51.060] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:51.245] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283691060, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49272, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9591897032018184, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:51.245] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:51.245] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:51.245] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:51.245] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:34:54.242] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25429 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl?X-Amz-Signature=32afb7612299e361ffc6c68164ad9fcbd83082c997145acbe7f98c41adcf90ec&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123453Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:34:54.242] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:54.242] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:54.242] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:54.242] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:54.242] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:54.243] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:54.428] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283694243, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49272, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9591897032018184, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:34:54.428] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:54.428] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:54.428] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:54.428] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:34:57.444] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24330 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8658791fa488cecf6762da4f840866971f26393d2e8ab5bed8488c73b2d1be62&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123456Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:34:57.444] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:34:57.444] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:34:57.444] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:34:57.444] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:34:57.444] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:34:57.445] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:34:57.645] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283697445, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50540, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6840838352748652, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:34:57.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:34:57.645] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:34:57.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:34:57.645] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:00.683] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24331 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T123500Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6cfb9fe713fbe86c1dcf16587e9963c7fe25db068d25eb4cbdd4e68b39e70c4e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:35:00.683] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:00.683] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:00.683] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:00.683] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:00.683] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:00.684] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:00.883] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283700684, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50540, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6840838352748652, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:00.883] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:00.883] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:00.883] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:00.883] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:03.844] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25075 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123503Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=aea27283d533606ed89cc1754de4efd9d7472dd5d40b289124d8976793b6c0fb"} [2025-12-09 20:35:03.845] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:03.845] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:03.845] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:03.845] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:03.845] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:03.845] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:04.031] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283703845, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49285, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.7612787564487756, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:04.031] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:04.031] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:04.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:04.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:07.021] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24332 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=58fd2d90a57eea1a03accb7d53fd0c055471756b9887e4435d53c03151b97bb3&X-Amz-Date=20251209T123506Z"} [2025-12-09 20:35:07.022] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:07.022] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:07.022] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:07.022] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:07.022] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:07.022] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:07.208] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283707022, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49285, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.7612787564487756, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:07.208] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:07.208] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:07.208] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:07.208] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:10.174] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24333 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=71c52aa0d1bcb8d56133b2d6841a3eaa7a1f53ff59a21d4d85e238e6ae98c2d3&X-Amz-Date=20251209T123509Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:35:10.175] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:10.175] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:10.175] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:10.175] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:10.175] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:10.175] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:10.361] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283710175, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50537, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9699129544390623, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:35:10.361] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:10.361] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:10.361] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:10.361] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:13.381] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25076 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl?X-Amz-Signature=227858ec421635d3365c022f24312ec631a2db7a3cb3031b89b316bc79fb631a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123512Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:35:13.381] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:13.381] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:13.381] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:13.381] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:13.381] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:13.382] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:13.578] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283713382, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50537, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9699129544390623, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:13.578] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:13.578] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:13.578] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:13.578] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:16.573] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24334 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=25db227bbe36709683d76a248d35e77820bcf49d38d880c28f8bd568cebcf36e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T123516Z"} [2025-12-09 20:35:16.573] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:16.573] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:16.573] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:16.574] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:16.574] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:16.574] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:16.758] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283716574, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50524, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9733924598757913, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:16.758] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:16.758] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:16.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:16.758] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:19.757] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25430 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123519Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=112705b0c927f6af717b5cf6f57e272c1f0bf4a1734ff47dd55a89e58d2f3592"} [2025-12-09 20:35:19.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:19.757] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:19.757] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:19.757] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:19.757] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:19.758] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:19.943] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283719758, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50524, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9733924598757913, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:19.944] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:19.944] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:19.944] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:19.944] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:22.923] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25077 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T123522Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bb9887924c7d974b4a0aca06adfe1171ac9004e2a04ba6ecb3850a1d2d2d42ae"} [2025-12-09 20:35:22.923] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:22.923] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:22.923] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:22.923] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:22.923] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:22.924] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:23.142] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283722924, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50534, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.7254783096687621, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 
20:35:23.142] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:23.142] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:23.142] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:23.142] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:26.070] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25078 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123525Z&X-Amz-SignedHeaders=host&X-Amz-Signature=e3bf7fda94b3a5afe59f824e9b48ef8cd919f1dc8886c910b55e7a7b63d11d4d&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:35:26.070] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:26.070] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:26.070] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:26.070] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:26.070] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:26.071] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:26.274] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283726071, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50534, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.7254783096687621, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:35:26.274] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:26.274] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:26.274] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:26.274] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:29.241] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25431 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl?X-Amz-Signature=23db5b1ca8a979854fc73405291161aed6ac20f99df77c3120d5e02c38d37424&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123528Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:35:29.242] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:29.242] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:29.242] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:29.242] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:29.242] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:29.243] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:29.440] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl|result:{"code": 1, "total_count": 2, "alert_count": 2, "abnormal_count": 2, "normal_count": 0, "timestamp": 1765283729243, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49217, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": 
"192.168.88.24", "protocol": 6, "src_port": 49218, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8294811496311496, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:29.440] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 2|max_alert: 1000 [2025-12-09 20:35:29.440] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:29.440] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:29.440] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:32.409] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25432 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123531Z&X-Amz-Signature=5b69dcb4715aa137e739efbce43867a4eb2196418fc3524855c921bd4006d5a2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:35:32.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:32.409] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:32.409] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:32.409] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:32.409] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:32.410] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
20:35:32.596] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283732410, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50371, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9070247238720954, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:32.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:32.596] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:32.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:32.596] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:35.603] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25079 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7071eded86faf2f9135b5740c434dca1893bf8f9d8c086a8e56409c0afa4d60f&X-Amz-Date=20251209T123535Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:35:35.603] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:35.603] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:35.603] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:35.603] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:35.603] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:35.604] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:35.802] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283735604, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50371, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9070247238720954, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:35.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:35.803] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:35.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:35.803] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:38.764] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24335 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T123538Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1f1133404e1243f17e44bb02e331ed4da04f09ad5d665ae7febc19d03d3fb405"} [2025-12-09 20:35:38.764] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:38.764] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:38.764] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:38.764] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:38.764] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:38.765] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:38.951] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283738765, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49218, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8294811496311496, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:38.951] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:38.951] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:38.951] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:38.951] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:41.930] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25433 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123541Z&X-Amz-Signature=dcc95b8fb520c3f5559af7226b2a736202cda08d3e1326b6fc6169dfc6cc6242"} [2025-12-09 20:35:41.930] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:41.930] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:41.931] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:41.931] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:41.931] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:41.931] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:42.118] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283741931, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50347, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9947393348326229, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:42.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm 
alert_count: 1|max_alert: 1000 [2025-12-09 20:35:42.118] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:42.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:42.118] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:45.080] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24336 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123544Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=41406941893bb2573a610612139f3e4e9d473565b165c58f006b2b693d541dd8"} [2025-12-09 20:35:45.080] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:45.080] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:45.080] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:45.081] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:45.081] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:45.081] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:45.269] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl|result:{"code": 1, "total_count": 1, 
"alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283745082, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50347, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9947393348326229, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:45.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:45.269] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:45.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:45.269] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:48.219] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25434 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a338203fbf9233b63bf000f9c1ec29d3369b6da5ccec097cc9d44223991eba62&X-Amz-Expires=604800&X-Amz-Date=20251209T123547Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:35:48.219] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:48.219] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:48.219] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:48.220] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:48.220] [INFO] [tid:130855398528704] 
(AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:48.220] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:48.406] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283748221, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50340, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9916423812796076, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:48.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:48.406] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:48.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:48.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:35:51.367] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25080 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl?X-Amz-Signature=6a805e02a0a05ad5fd649e539e3a3b9f01e07b9c291b06ed0278a6bd57412baa&X-Amz-Date=20251209T123550Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:35:51.368] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:51.368] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:51.368] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:51.368] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:51.368] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:51.368] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:51.554] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283751368, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50340, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9916423812796076, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:51.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:51.554] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:51.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:51.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:54.557] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25435 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl?X-Amz-Date=20251209T123554Z&X-Amz-SignedHeaders=host&X-Amz-Signature=87c99034a1a950986d5422d40351ddee764c5daba16c60a51f2e84831e5d778c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:35:54.557] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:54.557] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:54.557] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:54.557] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:54.557] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:54.558] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:54.756] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl|result:{"code": 1, "total_count": 1, 
"alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283754558, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50225, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9222684440106839, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:54.756] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:54.756] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:54.756] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:54.756] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:35:57.709] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25436 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123557Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a42b44f6d27c1f9a7924482b07bffccdda7a9f70b9a9c820a81684f7cebfae56"} [2025-12-09 20:35:57.709] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:35:57.709] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:35:57.709] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:35:57.709] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:35:57.709] [INFO] [tid:130855398528704] 
(AiModule.cpp:148) prepare args for function load [2025-12-09 20:35:57.710] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:35:57.896] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283757710, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49948, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549831812491122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:35:57.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:35:57.896] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:35:57.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:35:57.896] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:00.910] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24337 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=0e8f9120181537a1b81d7196b2890a3b85e7b15a8f4ddf7cfd1c4b4499b76a36&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123600Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:36:00.910] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:00.910] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:00.910] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:00.910] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:00.910] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:00.910] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:01.109] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283760911, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49948, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549831812491122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:36:01.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:01.109] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:01.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:01.109] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:04.073] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24338 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=004f6da169aa2bbb4818769ca612952b6a576e1202ca9c3910c2ad15334a2f1a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123603Z"} [2025-12-09 20:36:04.073] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:04.073] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:04.073] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:04.073] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:04.073] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:04.074] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:04.261] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283764074, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50225, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9222684440106839, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:36:04.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:04.261] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:04.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:04.261] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:07.254] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25081 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl?X-Amz-Date=20251209T123606Z&X-Amz-Signature=f0c4d52de16d1bed820db2724303cb647c710d89178bab1fb03f6a577c9da75f&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:36:07.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:07.254] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:07.254] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:07.254] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:07.254] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:07.255] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:07.479] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283767255, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49721, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9971262161600466, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:36:07.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm 
alert_count: 1|max_alert: 1000 [2025-12-09 20:36:07.479] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:07.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:07.479] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:10.414] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25082 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl?X-Amz-Date=20251209T123609Z&X-Amz-Signature=3a36c50e07bac4895b8f9afc0815e57a34ed5e906b55946d42e2b474365974e7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:36:10.414] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:10.414] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:10.415] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:10.415] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:10.415] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:10.415] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:10.605] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl|result:{"code": 1, "total_count": 1, 
"alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283770415, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49721, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9971262161600466, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:36:10.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:10.605] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:10.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:10.605] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:13.559] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25083 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T123613Z&X-Amz-Signature=a93570e2e3b7ddeb1999517940fbd0f237f3307a4f9f0b93c74084984f53e0b5&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:36:13.559] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:13.559] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:13.559] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:13.560] [INFO] 
[tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:13.560] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:13.560] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:13.746] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283773560, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42299, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9998783659205461, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:36:13.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:13.746] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:13.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:13.746] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:16.680] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25437 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl?X-Amz-Date=20251209T123616Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=dc486c02ac170808417869991c39f7a2ad2ff69e738dfc8b4408673a2b10cf22"} [2025-12-09 20:36:16.680] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:16.680] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:16.681] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:16.681] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:16.681] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:16.681] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:16.865] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765283776681, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:36:16.865] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:36:16.865] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:19.800] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25084 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123619Z&X-Amz-Expires=604800&X-Amz-Signature=efd112863fd12287efbb1386188694c1cd8eea6fe9d6a1cfd6bd7297440c5c32&X-Amz-SignedHeaders=host"} [2025-12-09 20:36:19.800] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:19.800] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:19.800] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:19.801] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:19.801] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:19.801] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:19.985] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283779801, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11237, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:36:19.985] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:19.985] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:19.985] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:19.985] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:22.917] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24339 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl?X-Amz-Signature=144281bef9dfaae308953ae60dad79e81bb1c984359a228bacbccecaa277e531&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123622Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:36:22.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:22.917] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:22.917] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:22.917] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:22.917] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:22.917] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:23.101] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283782918, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11657, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:36:23.101] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:23.101] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:23.101] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:23.101] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:26.047] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25438 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123625Z&X-Amz-Signature=6dc8cf0b4382420aaef311fd93745d55a3a26b774d79b02ec4ef055c1c850b65&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:36:26.047] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:26.047] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:26.048] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:26.048] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:26.048] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:26.049] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:26.306] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl|result:{"code": 1, "total_count": 21, "alert_count": 21, "abnormal_count": 21, "normal_count": 0, "timestamp": 1765283786049, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34656, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.5374613360321774, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34666, 
"dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7604523869147367, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34632, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7965322466870355, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34646, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8176869850903552, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34638, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.6722498495119673, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34660, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8666270235893071, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34640, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9279416400991565, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34636, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9516510162293647, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34644, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8395605167848867, 
"2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34652, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8961666808333515, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34664, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7038524472810676, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34650, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8532664235072036, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34648, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8370680711525115, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34628, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9247171474546967, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34630, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8303215382222833, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34626, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34634, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9258061248200679, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34642, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.5229898646686305, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34654, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9251629686549672, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34658, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8159447130760255, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34662, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9028181579683376, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:36:26.306] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 21|max_alert: 1000 [2025-12-09 20:36:26.306] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:26.306] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:26.306] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:29.196] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25439 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123628Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1ff3808734cd643690da6f8394dfa8c76ccc1491f1ff83bf74d5e6fe82c94224"} [2025-12-09 20:36:29.196] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:29.196] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:29.197] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:29.197] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:29.197] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:29.197] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:29.445] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl|result:{"code": 1, "total_count": 21, "alert_count": 21, "abnormal_count": 21, "normal_count": 0, "timestamp": 1765283789197, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56974, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8601418301393289, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, 
"src_port": 56986, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.910552477639477, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56994, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9379251112483292, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56970, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7892020374077917, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56980, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8896217920932599, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56984, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9215855685296445, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56988, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6881596242760177, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56990, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.931011531499548, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56992, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 
0.9337806053561917, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56998, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8158632337124991, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57002, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8036534034208659, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56976, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.807230253223138, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57004, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8027336993840472, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57006, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9448282038520124, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56968, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9351139426732936, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56982, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6160180228889229, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56978, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7391702047982551, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57000, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7279398736975623, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56972, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9414524592755901, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56966, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56996, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8940617073469203, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:36:29.445] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 21|max_alert: 1000 [2025-12-09 20:36:29.445] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:29.445] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:29.445] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:32.340] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25085 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5e147101afbb1727a67fe608779ab5b73a5d22767d6895e21762a6d3b09523d9&X-Amz-Date=20251209T123631Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:36:32.341] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:32.341] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:32.341] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:32.341] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:32.341] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:32.341] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:32.524] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283792342, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 20222, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999022559579159, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:36:32.524] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:32.524] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:32.524] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:32.524] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:35.451] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25086 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl?X-Amz-Signature=3f53bc0b20c9aabc50eb0acbebd7d65028b3e9a5f3fb54d5b5476893aecac901&X-Amz-Date=20251209T123634Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:36:35.452] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:35.452] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:35.452] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:35.452] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:35.452] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:35.452] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:35.636] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765283795452, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:36:35.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:36:35.636] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:38.561] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24340 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl?X-Amz-Expires=604800&X-Amz-Signature=57fa137a412217847a0f405c1895ad765d7475d5f1fd9c8821ba05dc29512330&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123638Z"} [2025-12-09 20:36:38.562] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:38.562] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:38.562] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:38.562] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:38.562] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:38.562] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:38.775] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283798563, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11333, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:36:38.776] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:38.776] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:38.776] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:38.776] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:41.699] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25087 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl?X-Amz-Date=20251209T123641Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=516ed7e2f6c2c060dcdd9e8222271e8c2d86d175795ad37ac621dd9af1acd662"} [2025-12-09 20:36:41.699] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:41.699] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:41.700] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:41.700] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:41.700] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:41.700] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:41.889] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl|result:{"code": 1, "total_count": 2, "alert_count": 2, "abnormal_count": 2, "normal_count": 0, "timestamp": 1765283801700, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49204, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49205, 
"dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.7917849186026443, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:36:41.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 2|max_alert: 1000 [2025-12-09 20:36:41.889] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:41.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:41.889] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:44.858] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25088 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=888f1903c75cbb11d256962f5b6e6825f75ed278c15043898b645832192b6905&X-Amz-Date=20251209T123644Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:36:44.858] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:44.858] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:44.858] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:44.858] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:44.858] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:44.858] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 20:36:45.045] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283804859, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49205, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.7917849186026443, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:36:45.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:45.045] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:45.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:45.045] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:48.002] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25440 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=f58541ddb45253fcc1d7ebc372535056fc941e5e0ec8e71a1aeff44367777034&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123647Z"} [2025-12-09 20:36:48.002] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:48.002] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:48.002] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:48.002] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:48.002] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:48.003] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:48.196] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283808003, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 23792, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999910791295988, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:36:48.196] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:48.196] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:48.196] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:48.196] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:51.129] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24341 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl?X-Amz-Expires=604800&X-Amz-Signature=8e165954358d1a17cbff7761b4bae1dc8d52c80eb3332b94b7b645414c9f2ad7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123650Z"} [2025-12-09 20:36:51.129] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:51.129] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:51.129] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:51.129] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:51.129] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:51.129] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:51.313] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283811130, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11500, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:36:51.313] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:51.313] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:51.313] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:51.313] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:36:54.268] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25441 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl?X-Amz-Date=20251209T123653Z&X-Amz-Signature=8d31ba7ad88845fbbaa8cb9d7a95e974e7d61b74feb4637a07eea709c588d2e9&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:36:54.268] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:54.269] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:54.269] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:54.269] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:54.269] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:54.269] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:54.454] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283814269, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42110, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.870831642951712, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:36:54.454] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:54.454] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:54.454] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:54.454] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:36:57.455] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24342 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl?X-Amz-Signature=ff6e460fbc45cb066f4a1edaadf47e7cbbfdf15354b4d52024b1143474a0a12c&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123656Z"} [2025-12-09 20:36:57.455] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:36:57.455] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:36:57.455] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:36:57.455] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:36:57.455] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:36:57.456] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:36:57.654] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283817456, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50532, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9010988274471945, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:36:57.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:36:57.654] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:36:57.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:36:57.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:00.593] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24343 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123700Z&X-Amz-Signature=5d93abe07754421de1972393115a4367f0dde94b393529ba1c15fe9482824aa3"} [2025-12-09 20:37:00.593] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:00.593] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:00.593] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:00.593] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:00.593] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:00.594] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:00.780] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283820594, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50532, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9010988274471945, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:37:00.780] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:00.780] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:00.780] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:00.780] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:03.710] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24344 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123703Z&X-Amz-Signature=32a701c4198ec182502abd4dbe0f7f193681b6add9cd21e69ea833343e6ad7b4&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:37:03.710] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:03.710] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:03.710] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:03.710] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:03.711] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:03.711] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:03.894] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765283823711, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:37:03.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:37:03.894] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:06.866] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25089 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=56d9dc4f201e91e009aed46ab62e46582c92035f8fa89f8dfd86bdb97dd850b9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T123706Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:37:06.866] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:06.866] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:06.867] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:06.867] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:06.867] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:06.867] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:07.052] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283826867, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50530, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8991885414408523, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:37:07.052] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:07.052] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:07.052] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:07.052] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:10.004] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24345 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d50c63e03110ead1526b6ffbd038075884552f0183c7993e615885dc77e9f71e&X-Amz-Date=20251209T123709Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:37:10.004] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:10.004] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:10.005] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:10.005] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:10.005] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:10.005] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:10.191] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283830005, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50530, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.8991885414408523, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:37:10.191] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:10.191] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:10.191] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:10.191] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:13.115] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25442 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3d2e2c4af18ab0f4f248e283ef64aaac1ba35401fd1662e54238d7a60721689a&X-Amz-Date=20251209T123712Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:37:13.115] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:13.115] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:13.115] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:13.115] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:13.115] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:13.116] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:13.299] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765283833116, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:37:13.299] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:37:13.299] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:16.271] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25443 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123715Z&X-Amz-Signature=ad6898525116bf1e2e856ac93c794ec9b1043af6390ba8b59331facac6c9350d&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:37:16.271] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:16.271] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:16.271] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:16.271] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:16.271] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:16.272] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:16.531] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl|result:{"code": 1, "total_count": 30, "alert_count": 30, "abnormal_count": 30, "normal_count": 0, "timestamp": 1765283836272, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50121, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9811801432488392, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50099, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9925659925692168, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50101, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9059397889180666, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50106, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.992579251484475, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50120, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9973484671154503, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50116, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9146792526308372, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50117, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9893246668636865, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50107, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.957316741244574, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50113, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961725500417813, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50109, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9765797730939423, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50118, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9939905270358815, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50094, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9913497115129094, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50095, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9973308371583047, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", 
"dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50096, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9809496040762827, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50100, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9978813030484246, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50114, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9706321954426319, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50110, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9972080274194728, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50102, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9533124084669521, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50097, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.971272975693726, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50104, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9699425847800891, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", 
"protocol": 6, "src_port": 50105, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.922400126706727, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50111, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9877115672517671, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50092, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50093, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9935550774029027, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50098, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8558902763119373, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50115, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9906508911936864, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50108, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9965447116166124, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50112, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9830457347118746, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50119, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9606648505653901, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50103, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8913937097071337, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:16.532] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 30|max_alert: 1000 [2025-12-09 20:37:16.532] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:16.532] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:16.532] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:19.409] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25444 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl?X-Amz-Signature=09cca19edc69dd248fb5809ec867b73235b6cd0498bd7078c5157ef8b4f71e73&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123718Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:37:19.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:19.409] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:19.409] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:19.409] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:19.409] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:19.410] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:19.596] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl|result:{"code": 1, "total_count": 2, "alert_count": 2, "abnormal_count": 2, "normal_count": 0, "timestamp": 1765283839410, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49260, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6796832720229173, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.88.30", 
"dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49259, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:19.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 2|max_alert: 1000 [2025-12-09 20:37:19.597] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:19.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:19.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:22.550] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24346 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f5f803f2ff53363a9d926bbfeb78afdb7b86003cdaea9a9cb9c173bb9216a666&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123722Z"} [2025-12-09 20:37:22.550] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:22.550] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:22.550] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:22.550] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:22.550] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for 
function load [2025-12-09 20:37:22.551] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:22.771] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283842551, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49260, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6796832720229173, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:37:22.771] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:22.771] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:22.771] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:22.771] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:25.654] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25090 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123725Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=603d8b0bab67bad97a4416318d87258d14646580b0838f02ecadfc334301ff2e"} [2025-12-09 20:37:25.654] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:25.654] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:25.655] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:25.655] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:25.655] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:25.656] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:25.840] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283845656, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.0.3", "dest_ip": "192.168.0.202", "protocol": 6, "src_port": 62448, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:25.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:25.840] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:25.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:25.840] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:28.774] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25445 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl?X-Amz-Expires=604800&X-Amz-Signature=fb01e6c2646c79203f2bd1f753af5c8f743ef061bec9d88c0fc591296ea95c42&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123728Z"} [2025-12-09 20:37:28.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:28.775] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:28.775] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:28.775] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:28.775] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:28.775] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:28.964] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl|result:{"code": 1, "total_count": 3, "alert_count": 3, 
"abnormal_count": 3, "normal_count": 0, "timestamp": 1765283848775, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49236, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8726555512649641, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49235, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49234, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:28.965] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 3|max_alert: 1000 [2025-12-09 20:37:28.965] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:28.965] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:28.965] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:31.981] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25446 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4c8ab37b325ed4613cbcc7aa20336940726717188e40b26490d6e8e4d35f057b&X-Amz-Date=20251209T123731Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:37:31.981] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:31.981] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:31.982] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:31.982] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:31.982] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:31.982] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:32.250] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl|result:{"code": 1, "total_count": 28, "alert_count": 28, "abnormal_count": 28, "normal_count": 0, "timestamp": 1765283851982, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50090, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9714484798319067, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 
6, "src_port": 50067, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9911300327715452, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50071, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9962923603266659, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50083, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9960854099602006, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50080, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9494903166921302, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50069, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9937542777997674, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50072, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9902096152170293, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50082, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9949765402218131, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50066, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9865231777367143, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50076, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9940318165078508, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50079, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9619127811045495, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50081, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9852182826513363, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50065, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9861156591914846, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50086, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9815741346253922, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50088, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944331154426221, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50070, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9836455802589793, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50075, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8438996524767447, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50073, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9784413631036302, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50074, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9921356836697374, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50077, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9864977092629397, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50084, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9943455112777259, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50064, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50085, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 
0.9961868284125542, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50087, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9951385309373632, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50091, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9838514284301566, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50068, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9854402752815357, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50078, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9962814503649499, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50089, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9923521151210051, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:32.250] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 28|max_alert: 1000 [2025-12-09 20:37:32.250] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:32.250] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:32.250] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:35.124] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25447 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123734Z&X-Amz-SignedHeaders=host&X-Amz-Signature=fa4b65882121fcb095e01d8782aecc664eda4ab814d3155853fd70da7aa74176&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:37:35.124] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:35.125] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:35.125] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:35.125] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:35.125] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:35.125] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:35.309] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283855125, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49236, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8726555512649641, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:37:35.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:35.309] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:35.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:35.309] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:38.289] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25091 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123737Z&X-Amz-Signature=6f026dce69c99a56e36c828931b775b0b85607c7e7a76ab62bee7513d4ebe17c&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:37:38.290] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:38.290] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:38.290] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:38.290] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:38.290] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:38.290] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:38.547] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl|result:{"code": 1, "total_count": 
29, "alert_count": 29, "abnormal_count": 29, "normal_count": 0, "timestamp": 1765283858291, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49780, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9280517790258257, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49778, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.987972943687672, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49786, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9846961788953118, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49799, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944167577577538, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49798, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9950820975221701, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49788, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999657924785119, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49793, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 
0.9732994974432579, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49774, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9924965254705932, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49796, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9969652909756276, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49781, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.989138721392638, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49773, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987820744776774, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49779, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8382320110400495, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49797, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.992756928668088, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49772, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, 
"2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49795, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990197202721924, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49791, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990180186444445, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49800, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9431676483550671, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49775, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9926604675393249, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49776, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9888252075744062, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49783, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9087249661650049, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49784, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.992804351549356, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49789, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9996387593672055, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49777, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9941535067141068, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49792, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9958791718264562, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49785, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.989033351162948, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49787, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9948486477463612, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49794, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9899744671542131, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49790, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944972176286252, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49782, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9559244151238987, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:38.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 29|max_alert: 1000 [2025-12-09 20:37:38.547] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:38.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:38.547] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:41.422] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24347 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=67267ea7118a680a71d7c8d6de17563de183bdbee5f356e5317e8d5c2a9987b1&X-Amz-Expires=604800&X-Amz-Date=20251209T123740Z"} [2025-12-09 20:37:41.422] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:41.422] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:41.422] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:41.422] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:41.422] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:41.423] [INFO] [tid:130855398528704] 
(AiModule.cpp:158) load result:0 [2025-12-09 20:37:41.619] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283861423, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49227, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549675798446492, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:37:41.619] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:41.619] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:41.619] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:41.619] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:44.566] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25092 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=dff2a274b0c404836a80a3fa134212d3df2f384d0f5270707a08a8d8a4fcef66&X-Amz-Expires=604800&X-Amz-Date=20251209T123744Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:37:44.566] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:44.566] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:44.566] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:44.566] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:44.566] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:44.567] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:44.753] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283864567, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49227, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549675798446492, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:37:44.753] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:44.753] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:44.753] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:44.753] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:47.708] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25448 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123747Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=39cbefee236c17b54be1e6f0cc85035b383cc034e8eadfed2d954dbf30df94e4&X-Amz-Expires=604800"} [2025-12-09 20:37:47.708] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:47.709] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:47.709] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:47.709] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:47.709] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:47.709] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:47.895] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283867709, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11978, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999995485618658, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:37:47.895] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:47.895] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:47.895] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:47.895] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:50.850] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25093 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=978d5f0620cbcd72e0ec4de7e3dedd4fda6f76361bf591e6d6f5d17d3dd34ac8&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123750Z"} [2025-12-09 20:37:50.850] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:50.850] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:50.850] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:50.850] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:50.850] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:50.851] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:51.035] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283870851, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13132, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:51.035] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:51.035] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:51.035] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:51.035] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:37:53.991] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25449 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123753Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b427fab093fcab6938b90efc76326d1691f2e499b04de2e563f6d4b09f4fccd1"} [2025-12-09 20:37:53.991] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:53.991] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:53.991] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:53.991] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:53.991] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:53.991] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:54.212] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283873992, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43319, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9995815701114811, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:37:54.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:54.212] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:54.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:54.212] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:37:57.121] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25450 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl?X-Amz-Date=20251209T123756Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8407aa498e328f05bd7db036764e164e5de77a9467cfcb4d6a37d60796ca8438"} [2025-12-09 20:37:57.121] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:37:57.121] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:37:57.121] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:37:57.121] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:37:57.121] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:37:57.122] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:37:57.302] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283877122, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13351, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:37:57.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:37:57.302] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:37:57.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:37:57.302] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:00.258] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25094 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=898262f13e8eaaee2de44dfab3f7436a60d019491744b1c784fd87e1e35f7ecb&X-Amz-Date=20251209T123759Z&X-Amz-Expires=604800"} [2025-12-09 20:38:00.258] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:00.258] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:00.258] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:00.258] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:00.258] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:00.259] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:00.490] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl|result:{"code": 1, "total_count": 16, 
"alert_count": 16, "abnormal_count": 16, "normal_count": 0, "timestamp": 1765283880259, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54674, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54686, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7828899162284786, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54682, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.8854341088666021, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54698, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.5608495250974965, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54696, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9275189616794793, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54702, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9681026865142206, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54678, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.8992782512698286, "2_count": 16, "2_sum": 16, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54684, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7630858552647061, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54680, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.89541734297925, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54694, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.887827227182562, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54700, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.8936371723503499, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54676, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7904088619726505, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54704, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9511760893533832, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54688, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7626431775383956, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54692, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.8812165772123437, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54690, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7045034266743581, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:38:00.490] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 16|max_alert: 1000 [2025-12-09 20:38:00.490] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:00.490] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:00.490] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:03.429] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24348 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=7bd8fe6864bb384e1c080e6f8b13d02d8f74712d4c27fe6b8866e3870e0ca54a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T123802Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:38:03.429] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:03.429] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:03.429] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:03.429] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:03.429] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:03.430] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:03.616] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283883430, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41203, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999996967263856, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:03.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:03.616] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:03.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:03.616] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:06.604] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25095 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4e4a61d54d2de703ae2a85d8af476e87bcd19e187f8fe1078ba38f9717223deb&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T123806Z"} [2025-12-09 20:38:06.604] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:06.604] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:06.604] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:06.604] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:06.604] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:06.605] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:06.791] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283886605, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11615, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994275985199, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:06.791] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:06.791] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:06.791] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:06.791] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:09.741] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25096 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123809Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2d8b95147a950c7271500861ddf829bf0a41874fc9fbca108760cbcd50f5a9f6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:38:09.741] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:09.741] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:09.741] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:09.742] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:09.742] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:09.742] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:09.931] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283889743, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12244, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999991758557298, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:09.931] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:09.931] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:09.931] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:09.931] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:12.923] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25097 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl?X-Amz-Signature=ac58a9da145d3edb20485f7885ddde2186ee2403becb76280cd8439eedac3625&X-Amz-Date=20251209T123812Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:38:12.923] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:12.923] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:12.923] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:12.923] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:12.923] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:12.924] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:13.110] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283892924, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11799, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999990088490532, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:13.110] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:13.110] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:13.110] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:13.110] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:16.041] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25098 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123815Z&X-Amz-SignedHeaders=host&X-Amz-Signature=bdecf65984dc8634231aa2b4460f844cf3b5c939ee797f164186cdde5f6b494e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:38:16.041] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:16.041] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:16.041] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:16.041] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:16.041] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:16.042] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:16.226] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283896042, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13086, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:38:16.226] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:16.226] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:16.226] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:16.226] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:19.195] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25451 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl?X-Amz-Signature=869b521601f8f2c7569c51aa5cbc76cdc40bf60696a244b83a266600d3161034&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123818Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:38:19.195] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:19.195] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:19.196] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:19.196] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:19.196] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:19.196] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:19.382] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283899196, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12297, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999979203508564, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:19.383] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:19.383] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:19.383] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:19.383] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:22.307] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24349 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=34dd961ef21927c363de1969fb63dec110974a5496ae30e752e2f914cf883c56&X-Amz-Date=20251209T123821Z"} [2025-12-09 20:38:22.307] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:22.307] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:22.307] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:22.307] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:22.307] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:22.308] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:22.492] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283902308, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11912, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:38:22.492] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:22.492] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:22.492] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:22.492] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:25.449] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25099 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123824Z&X-Amz-Expires=604800&X-Amz-Signature=440f97fe82059fb35034b8b216ad785ca530b428449e5a5e5e0418b5e7c35af2"} [2025-12-09 20:38:25.449] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:25.449] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:25.449] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:25.449] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:25.449] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:25.450] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:25.636] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283905450, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41141, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999989062398834, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:25.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:25.636] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:25.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:25.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:28.583] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25100 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=432f450fd36f31863a1423866ad65eccb13e21ca4077ed6a7649660691e84c37&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123828Z"} [2025-12-09 20:38:28.584] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:28.584] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:28.584] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:28.584] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:28.584] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:28.584] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:28.804] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283908584, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42840, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994110421229, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:28.804] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:28.804] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:28.804] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:28.804] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:31.729] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25101 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=4f016f80a9c0d873f5d3425cf5592ac67c933912da172b6b0a15be0dd15b4d54&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123831Z"} [2025-12-09 20:38:31.729] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:31.729] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:31.729] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:31.729] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:31.729] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:31.730] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:31.914] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283911730, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13302, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:38:31.914] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:31.914] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:31.914] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:31.914] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:34.855] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25102 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=be1577ce5f456f2a6a69e3a962e5b3fb2cad1af6a373dd7f9d6267e235d07354&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123834Z"} [2025-12-09 20:38:34.856] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:34.856] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:34.856] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:34.856] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:34.856] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:34.856] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:35.041] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283914857, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13377, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:38:35.041] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:35.041] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:35.041] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:35.041] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:37.998] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25452 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123837Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=39c3677de642b6720bebe7f2a15c6913c637b58ffddb72b4cb4cba782bd521f5&X-Amz-Expires=604800"} [2025-12-09 20:38:37.998] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:37.998] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:37.998] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:37.998] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:37.998] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:37.999] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:38.185] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283917999, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12295, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.999995347060206, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:38.185] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:38.185] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:38.185] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:38.185] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:41.147] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25103 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=407ad2187a5fbeea2912c8086e32129c5b8090c06276190a33ffecce9ed423c4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123840Z&X-Amz-Expires=604800"} [2025-12-09 20:38:41.148] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:41.148] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:41.148] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:41.148] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:41.148] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:41.148] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:41.334] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283921148, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49222, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8672757517500722, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:38:41.335] 
[INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:41.335] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:41.335] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:41.335] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:44.303] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24350 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T123843Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f9d02113d252d8a31997ba4e9d682baf4d425dfab53d095699077d64b123869d&X-Amz-SignedHeaders=host"} [2025-12-09 20:38:44.303] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:44.303] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:44.303] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:44.303] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:44.303] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:44.304] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:44.490] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283924304, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49222, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8672757517500722, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:38:44.491] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:44.491] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:44.491] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:44.491] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:47.488] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25453 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8b0c44b20c79b562f6e8c2642c4c9f5b661ddfa8e6a971348d0c57f99d192174&X-Amz-Date=20251209T123846Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:38:47.488] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:47.488] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:47.488] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:47.488] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:47.489] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:47.490] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:47.783] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl|result:{"code": 1, "total_count": 38, "alert_count": 38, "abnormal_count": 38, "normal_count": 0, "timestamp": 1765283927490, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50226, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9970854732141112, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50180, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6534580909365131, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50192, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6092417410400571, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50232, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5582827271566351, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50235, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6677992416246191, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50206, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.985719712302142, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50208, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7526694871873465, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50198, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5212532317820967, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 
50220, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9301621583997064, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50230, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7408975270597601, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50228, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9151646694291784, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50194, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6654672400410357, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50200, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6493722336061095, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50216, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9789676979462377, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50233, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9667694225277425, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50202, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.7522464071617297, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50238, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6949451856677477, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50190, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5856197408985024, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50186, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8030879579406135, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50196, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5214885513925283, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50178, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.732311186682568, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50214, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7440167866112836, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50212, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6412779148112056, "2_count": 38, "2_sum": 38, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50182, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6990510662358953, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50224, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7218997145108652, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50237, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5404542800542543, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50239, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5136080494755816, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50240, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.953442967717258, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50184, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5009170703445844, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50218, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6617939663637548, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50188, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6030830063373747, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50210, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6489862176157795, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50222, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6622663499773793, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50176, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5350925499476693, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50236, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5109238951686534, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50231, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9813471546804314, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50234, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6664485960534436, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "protocol": 6, "src_port": 50204, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9967414485067707, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:38:47.783] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 38|max_alert: 1000 [2025-12-09 20:38:47.783] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:47.783] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:47.783] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:50.635] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25104 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=94cb681b00da60a41064c150af2b9318fd96aa44b87145b327e3fbe254ca9406&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T123850Z&X-Amz-Expires=604800"} [2025-12-09 20:38:50.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:50.636] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:50.636] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:50.636] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:50.636] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 
20:38:50.636] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:50.820] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283930636, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41044, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999988170489669, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:50.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:50.820] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:50.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:50.820] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:38:53.772] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25454 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T123853Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=08431596bf40d065724fcca912d7623f640aef67d956bafe4dd25d572acd9d0c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:38:53.772] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:53.772] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:53.772] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:53.772] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:53.772] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:53.773] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:53.959] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283933773, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41006, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999971909647384, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:53.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:53.959] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:53.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:53.959] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:38:56.906] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25455 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=462232ad5d8408639c5f748fe5e39e9e226d36a712c7502ceb159aefd9fe77c6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T123856Z"} [2025-12-09 20:38:56.906] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:38:56.906] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:38:56.906] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:38:56.906] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:38:56.906] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:38:56.906] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:38:57.093] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283936906, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42804, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994275836422, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:38:57.093] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:38:57.093] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:38:57.093] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:38:57.093] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:39:00.048] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25105 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7aabfb93f5e8d143111dd41bc2ad896305837e88e43839800c31d94105461a4b&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123859Z&X-Amz-Expires=604800"} [2025-12-09 20:39:00.048] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:00.048] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:00.048] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:00.049] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:00.049] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:00.049] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:00.277] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 15, "abnormal_count": 15, "normal_count": 0, "timestamp": 1765283940049, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57764, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 
6, "src_port": 57774, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9536843833998847, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57768, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.615258642064978, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57780, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.5931218828045606, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57784, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9652196351092807, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57772, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.7255191362562268, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57786, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.5727607004172083, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57766, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.6623903856677502, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57770, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 
0.8345362070996089, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57790, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.8822160546257996, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57776, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.8522559635829474, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57782, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.5337578116520333, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57778, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.7898348227275912, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57792, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9670368110108151, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57788, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.8679184214341474, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:39:00.277] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 15|max_alert: 1000 [2025-12-09 20:39:00.277] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:00.277] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:00.277] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:39:03.183] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25106 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123902Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c8f04eba6d64e1c41c05e243af786f5d76ff9c0a89e20a682c8c952bde7968b5"} [2025-12-09 20:39:03.183] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:03.183] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:03.183] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:03.183] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:03.183] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:03.184] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:03.402] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283943184, 
"module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42735, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999995582906659, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:39:03.402] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:03.402] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:03.402] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:03.402] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:39:06.294] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25107 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0be9818a2a789d411b3e574d8c538bd8c534939985160b2ea1be158ce0779a7a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123905Z"} [2025-12-09 20:39:06.294] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:06.294] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:06.294] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:06.294] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:06.295] 
[INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:06.295] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:06.478] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283946295, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13160, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:39:06.478] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:06.478] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:06.478] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:06.478] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:39:09.413] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24351 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl?X-Amz-Date=20251209T123908Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=3ac2f39127171317df2956229beeaabaaedbfea24fd4aec11fa790787491e534&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:39:09.413] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:09.413] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:09.413] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:09.413] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:09.413] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:09.414] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:09.597] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283949414, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11943, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:39:09.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:09.597] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:09.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:09.597] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:39:12.553] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24352 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123912Z&X-Amz-Signature=f2bdc7de6c33d39d72a0348394a85c9f8f6a3155662a510545b14300cf8a9b15&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:39:12.553] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:12.553] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:12.554] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:12.554] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:12.554] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:12.554] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:12.740] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283952554, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 25201, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999995600807153, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:39:12.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:12.740] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:12.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:12.740] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:39:15.690] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25108 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0a25a8c2d11acaea89a997105f867b7034f992f8957ed752e8235c2f365b45eb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123915Z"} [2025-12-09 20:39:15.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:15.691] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:15.691] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:15.691] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:15.691] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:15.692] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:15.878] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283955692, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42702, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999985303094544, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:39:15.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:15.878] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:15.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:15.878] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:39:18.801] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24353 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl?X-Amz-Signature=ca18839f0275fbe94dfc754fe11ee49487b0895570de8466e475c16b0902ce7d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123918Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:39:18.802] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:18.802] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:18.802] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:18.802] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:18.802] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:18.802] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:18.986] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283958802, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11875, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:39:18.986] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:18.986] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:18.986] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:18.986] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:39:21.935] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24354 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl?X-Amz-Signature=f40c4edc5921c9e7c4da85923888ffe03f592fc3502c02201a0a7ebb94ebaf41&X-Amz-Date=20251209T123921Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-09 20:39:21.935] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:21.935] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:21.935] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:21.935] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:21.935] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:21.936] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:22.121] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283961936, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 21125, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.999998998896587, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:39:22.121] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:22.121] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:22.121] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:22.121] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:39:25.106] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25109 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=cd7c651bcee11a8843af67a7e96ca3639e8f2f7afdc5ff58afeb28d76fc6e56a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123924Z&X-Amz-Expires=604800"} [2025-12-09 20:39:25.106] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:25.106] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:25.106] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:25.106] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:25.106] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:25.107] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:25.292] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283965107, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41174, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994050738346, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:39:25.292] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:25.292] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:25.292] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:25.292] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:39:28.234] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24355 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl?X-Amz-Date=20251209T123927Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=aa7a9f1ed2181372a14d0e8862bd6fe0e8398f77476da654d93ec8e6d8ed0af4"} [2025-12-09 20:39:28.234] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:28.234] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:28.235] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:28.235] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:28.235] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:28.235] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:28.474] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl|result:{"code": 1, "total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765283968235, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50061, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9909478328736763, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 
6, "src_port": 50053, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9936793150174883, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50050, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9912539676793041, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50048, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9585708608829328, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50059, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9763359246317397, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50063, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9979425763068516, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50049, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9542583031234141, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50056, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9806901959743102, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50043, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9951477744650418, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50060, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9909241027192666, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50062, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9913417050330752, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50055, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9828557336195156, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50054, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9950780882305902, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50045, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9943347935105041, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50046, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9876939369673159, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50042, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50047, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9930440390574894, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50051, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961645297777323, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50058, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9872479199169144, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50052, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9954358009909343, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50044, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9979838511141056, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50057, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9957882319465541, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:39:28.474] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-09 20:39:28.474] [DEBUG] 
[tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:28.474] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:28.474] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:39:31.394] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24356 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl?X-Amz-Date=20251209T123930Z&X-Amz-Signature=c410eefbb68fa8a40e9402b6b077be542e4e55bad77a849c9b09e4f027f46718&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:39:31.394] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:31.394] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:31.394] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:31.394] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:31.394] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:31.395] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:31.580] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 
1, "normal_count": 0, "timestamp": 1765283971395, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 40774, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999978113543249, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:39:31.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:31.580] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:31.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:31.580] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:39:34.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25110 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl?X-Amz-Expires=604800&X-Amz-Signature=baec6d570e08a6db92feab437bfd06835c467d006b86562c2e8d4600e080a025&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T123934Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:39:34.527] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:34.527] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:34.528] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:34.528] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:34.528] [INFO] [tid:130855398528704] (AiModule.cpp:148) 
prepare args for function load [2025-12-09 20:39:34.528] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:34.768] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl|result:{"code": 1, "total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765283974528, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49754, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9430324857787179, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49739, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7846651275323114, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49751, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9939352247240762, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49756, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9914727553401294, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49752, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9928270810438129, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 
49735, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49753, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9945352070474369, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49746, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.99678660131393, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49748, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.99442073397985, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49736, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.998299772069063, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49747, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9803233341325367, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49742, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9888708769344112, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49743, "dest_port": 51129, "y_pred": 
1, "y_pred_proba_max": 0.9137106979292495, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49744, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9978738954258088, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49745, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9959891716996626, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49737, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9932198334809276, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49750, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.981419420684849, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49740, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.995168698561525, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49741, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9959611176689372, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49738, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 
0.9896345947000015, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49749, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9562215401549788, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49755, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9323692794491828, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:39:34.768] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-09 20:39:34.768] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:34.768] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:34.768] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:39:37.665] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25456 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T123937Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=61ad2c6d30f4f9c1fe11da01e1a1173ab289af5440ac36e1ffe64ad1b2d58039&X-Amz-SignedHeaders=host"} [2025-12-09 20:39:37.665] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:39:37.665] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:39:37.665] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:39:37.666] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:39:37.666] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:39:37.667] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:39:37.897] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765283977667, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42866, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999996443158026, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:39:37.897] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:39:37.897] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:39:37.897] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:39:37.897] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:42:46.408] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25111 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl?X-Amz-Date=20251209T124245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=07947a9977d1a73c851ee0c92435bc43de39b7c6d1e9d560c9b6f1336360bb57"} [2025-12-09 20:42:46.408] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:42:46.408] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:42:46.408] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:42:46.408] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:42:46.408] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:42:46.409] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:42:46.420] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765284166409, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:42:46.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:42:46.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:42:49.862] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25457 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124249Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=779aa0e3e07f5f7660ac293075da5118684be5420e51cdbeafe8071d6e9a028b"} [2025-12-09 20:42:49.862] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:42:49.862] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:42:49.862] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:42:49.862] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:42:49.862] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:42:49.863] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:42:50.906] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl|result:{"code": 1, "total_count": 323, "alert_count": 323, "abnormal_count": 323, "normal_count": 0, "timestamp": 1765284169864, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50149, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9964602886969508, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49997, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9774943243914614, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50081, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8036690920880585, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49962, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9656546128725347, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50078, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9760016444009831, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49887, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6367014326485201, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50088, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9307981126558207, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49897, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9873893247398439, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49961, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9948216272906447, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50014, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5593500439663502, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50090, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8451640328264091, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50103, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9842715822673843, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50141, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7008485511523361, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, 
"src_port": 50075, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9712182366664839, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50122, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9671815599568604, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49905, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6623753581622265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49998, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9950564493361544, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49954, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9578745900044038, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50002, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9796100937922201, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50135, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9219297999105767, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49849, "dest_port": 4143, "y_pred": 3, 
"y_pred_proba_max": 0.7795758690613304, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49911, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9839068234366172, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49994, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9356096543841093, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50036, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.745348070777347, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50048, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9909363941223029, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49844, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49881, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5182515569447009, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50005, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9952732621737987, "2_count": 323, 
"2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50022, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9011803069598002, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49935, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.994303428938712, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49877, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9712236515182107, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50057, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.940569470466155, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49971, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5582732011545501, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49976, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9757711314223454, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50024, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8047538586963607, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50000, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9640154492579236, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49975, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9178325840136805, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50021, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9706792142888904, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49915, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9869755232255546, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50106, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9871375017401144, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49996, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9816508015595911, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50018, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9897966744284692, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50009, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6227210139218995, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49867, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9791580378182895, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50006, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.675702937075865, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50077, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9385310231904834, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49972, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5977084809505079, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49960, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6917337486336427, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49922, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.966225852433274, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50004, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7772776044664502, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49909, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8557526989526344, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49920, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6739898927579671, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49893, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9924818795038265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50056, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.912684512733928, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50102, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9812461025382226, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50082, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.961765519120334, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49966, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9787922611705792, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50110, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9568265177495159, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50154, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9890794429686529, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50130, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9811008385825957, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49967, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9848507196477422, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49953, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9940758303917804, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49928, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9673150821938389, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49895, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8454868302160361, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49873, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.989506020936303, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49978, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5070351413746987, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50008, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9769318401731768, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50071, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9366927191624654, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50080, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6926540613435109, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49914, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9954426597621633, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50043, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5646919154649714, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50104, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9626675469607637, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49984, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9758353722425849, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50111, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5106043850275731, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50158, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8579051679300373, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50160, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8595390595271271, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49894, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9858409876125284, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49857, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9836569643814875, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50030, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8490175847592613, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49858, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6388164672448247, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49916, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8368760718241542, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49917, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9557361850170469, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49992, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9513467485021676, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50092, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6630111598006113, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50001, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9578625906245473, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49944, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9879159632423361, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50083, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9951763541291199, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50101, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9823051712208024, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49948, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9733998342879587, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49863, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5983683224577125, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50140, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9931337767029377, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49924, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8993326300046355, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 49964, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.968377670070066, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49941, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.697138567652706, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49981, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5233872177522988, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49993, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7885361627427978, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50117, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9373004389999428, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50033, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9068725678448161, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49952, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9839607167229134, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49949, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9702483769833885, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50065, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8189260048664514, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49945, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9390842256612778, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49990, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9852063438386265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50095, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7038632668022207, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50003, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9128968852262066, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50128, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9754581306752914, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49868, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.956450830909685, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49908, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5870987794919775, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49991, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9074188388328347, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49965, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9474212987085815, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49988, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5608042874599993, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50060, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9510219342830234, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50019, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7519410807985978, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50087, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9259008476962212, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49865, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9734019507407136, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49884, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6472833402561581, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50116, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5053505791108346, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50020, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.547911109123112, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49934, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9825519254846108, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49929, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9760262098061426, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49913, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9141375545905563, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49854, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9759154665367663, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49927, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7357554732817034, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49901, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.874609163743849, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49903, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9685188378293258, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49904, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7209736555032992, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49907, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7895530635868445, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50012, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8353357749422853, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49899, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7570261434076502, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50035, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9344513231653665, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49930, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8360892610061819, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49982, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9821490742808658, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50041, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8362354502605105, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49943, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9783863460849964, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50046, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9589199723621343, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50069, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9512551642487669, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50094, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6746263792173497, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50099, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9863615268285604, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50133, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5955082746691431, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50162, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5818370367875477, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50011, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.984372163367471, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50165, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6842286064783865, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50114, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9598872126894666, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49875, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.45587687697866547, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49968, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9813466913562781, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49902, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7738937696580138, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49871, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6207572880379378, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49900, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5699118668573513, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50067, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9623874554675362, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49886, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8589713252768436, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49987, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.978225139019532, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50059, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9685207526335013, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50100, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9872555973164371, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49870, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.519014315061055, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50142, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9799518791259246, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50053, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6896443796632269, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50157, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9655506462100112, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50062, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.563856309889236, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50097, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8287999311994428, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50164, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9749887449274751, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49973, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9713030836766385, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49942, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9883449476351207, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50118, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9587107789213769, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49889, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9918744044948553, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50138, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.885861354554371, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50064, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6138146879280815, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49846, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9630882500120779, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49878, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.661132723538958, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50068, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6258716439752365, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50166, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9986693174603224, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49866, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.977789427660724, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50124, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9664180573535283, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49891, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9744871773831643, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49977, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9836276428766784, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50091, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7192452390508892, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49963, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6547450656229994, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49986, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6251053014792565, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49946, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6405379228402215, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, 
"src_port": 50025, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.651654550568496, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50126, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9763109922286853, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50084, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9936130773072025, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50109, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9769991455246613, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49855, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9832209828169866, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50016, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8624862826765007, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50044, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9629332059173831, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49847, "dest_port": 4143, "y_pred": 3, 
"y_pred_proba_max": 0.9886096773297816, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49888, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.89569690746626, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50052, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.926603441172563, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50066, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.996368833661631, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50086, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.941563701567202, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50034, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7458580586533183, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50147, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9968156026256881, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50151, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6326408825536969, "2_count": 323, 
"2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50120, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.604338303985681, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49970, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9478018505948719, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50073, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8940173967748857, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49898, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5665192573538829, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49958, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7742927378274134, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49861, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9030623606577871, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50096, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9370942004641784, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50029, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9949182409343089, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50123, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.95822704542551, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50125, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9770660171853159, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49860, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7263337080745429, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50063, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9892281073173252, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50050, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9819998470389308, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49947, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9654421111447936, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50163, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9106024338700971, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50017, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.841088913905406, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50085, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8751308576652389, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50098, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9512702963542256, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49985, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9831453232152239, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49896, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.987486730325193, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50146, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9768586234752555, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50127, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9772081177489722, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49885, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8747940644393977, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49940, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9583010674006418, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49919, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9670502222088144, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49874, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7973857151344117, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49959, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9798299601254008, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50072, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5722023211483864, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49869, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9933603028537731, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50093, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5409561878430762, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50054, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9866787607983974, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49876, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9802835839045795, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49923, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9939514976614076, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50153, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5963469211403722, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49912, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8699076799154611, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50137, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6829548146147214, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49892, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9787411301519512, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49845, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6893959008828524, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50031, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9573166813281524, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50037, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.963021978653042, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50105, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7645230943910629, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49851, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9482626081916771, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50132, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5876016313469103, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49939, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5842487905404479, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50007, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5863672154842945, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50119, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9704293704775508, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49880, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9913695642921155, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49848, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9885255124867265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49918, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9772339902816951, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49938, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9920831435179297, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50121, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.982517658921429, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49979, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9148545312802593, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49862, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6694775778904314, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49852, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9768466058866888, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50042, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8118444335928162, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50051, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5988012743237588, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50152, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9730957440257904, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50074, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8989214266996771, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49999, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7148982511864771, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50049, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9936956599268572, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49856, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9995322331205367, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49956, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.983732058836334, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49983, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9851169869629264, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50076, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9306462392871959, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50089, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.928689514667576, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49950, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9863955637025198, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50155, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9913538893909138, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50032, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.979635176307812, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50026, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9451425620521533, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49974, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9649460850337243, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50055, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9297847614244219, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49872, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9633438750787758, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49955, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.727866179452142, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50156, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9615714599452491, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49921, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9839439109626139, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49853, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.967940890578197, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49933, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9733972773000354, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50010, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8259606472574323, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49936, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9828105063963437, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49989, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9012795669724603, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50112, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9602789760086011, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49937, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.972485038453176, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49850, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.976166206582888, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50115, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5380492936178434, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50150, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7000383788036014, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49882, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9896831538653199, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49951, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9191190573099375, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50023, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9635812312000156, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50040, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9944096051499666, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50047, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6450325299048916, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49890, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9960052258859914, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49859, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6037498976675788, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49906, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.957827283735689, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50136, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9285536012641178, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49926, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5606824361159941, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49957, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9854891523854606, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49995, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.979956630637799, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50108, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9293672133909007, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50139, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7601787915820585, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50145, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7485452417991353, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49925, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9922899970776189, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50159, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9721000779025367, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50070, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9369833906404413, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50107, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9279802577828402, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50148, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7317295614546431, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49931, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5041504754360617, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50045, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9662881694372588, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50038, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9966534467046791, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50113, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9667985798765776, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50027, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9500705249060678, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49969, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9934088009290944, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49879, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9596409498699529, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50144, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9741736636068459, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49883, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8251442629654581, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50134, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9855894932554822, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49864, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9620078905378076, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50039, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9586706551570859, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50143, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9759298212195147, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49932, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9867442891204209, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50058, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6996630788892086, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50013, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9691393704867441, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50015, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5104406713677775, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50028, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9916258986846701, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49910, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.932120347792623, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50161, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9285915920667849, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49980, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9438803230576462, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50129, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.882428185672293, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50079, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8218216145281355, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50131, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9813331554680103, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50061, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8483179155916748, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:42:50.906] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 323|max_alert: 1000 [2025-12-09 20:42:50.906] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:42:50.906] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:42:50.906] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:42:53.001] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24357 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl?X-Amz-Date=20251209T124252Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a81dc4e16c2e6a505b2fa2ab7030346ab437ef4693d3e0e24515d451657dbdf1&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:42:53.001] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:42:53.001] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:42:53.002] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:42:53.002] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 
20:42:53.002] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:42:53.003] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:42:53.009] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765284173003, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:42:53.009] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:42:53.009] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:42:56.241] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25458 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl?X-Amz-Signature=e9a683d1e5204306b188a742f5959c9f0257575979a6f5f39413b33e2df06c03&X-Amz-Expires=604800&X-Amz-Date=20251209T124255Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:42:56.241] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:42:56.241] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:42:56.242] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:42:56.242] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:42:56.242] [INFO] [tid:130855398528704] 
(AiModule.cpp:148) prepare args for function load [2025-12-09 20:42:56.243] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:42:56.715] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl|result:{"code": 1, "total_count": 96, "alert_count": 96, "abnormal_count": 96, "normal_count": 0, "timestamp": 1765284176243, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50265, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9878759243853074, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50276, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.945168289997379, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50247, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5569647488225031, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50289, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9831502231162093, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50270, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5344407136152157, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50272, "dest_port": 
4143, "y_pred": 3, "y_pred_proba_max": 0.9634442706801813, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50300, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5652401409280137, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50246, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9850617605872317, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50256, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.953169668838093, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50299, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9761302080331501, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50284, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5976077241093474, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50285, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.737348016052896, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50258, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.975277882791354, "2_count": 
96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50234, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6165185065486278, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50227, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9742388129830866, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50233, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5900283296879201, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50264, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9429718324770955, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50277, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9886896590961135, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50283, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9894517342321967, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50253, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5286931000012356, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50301, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9877464961120611, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50303, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9970903989857882, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50318, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9367519957607916, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50288, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9659720813086614, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50309, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9722929074760572, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50307, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.572975552670283, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50281, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9670081878197971, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50280, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8492926111087645, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50225, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50235, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9904437084612971, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50231, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5629440533080406, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50274, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9886531264612943, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50243, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7268099391225156, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50286, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9155900790323991, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, 
"src_port": 50230, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9776755844526774, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50295, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9290168656035379, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50310, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9792268828636937, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50249, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8569354434014516, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50273, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7327032050575627, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50226, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9526300072242987, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50291, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9515855603979286, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50259, "dest_port": 4143, "y_pred": 1, 
"y_pred_proba_max": 0.6642024846775728, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50315, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9447778554031051, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50302, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9184303262220646, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50248, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9935116060393047, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50268, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9660160374766978, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50271, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9764819323705491, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50311, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9963022107499532, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50306, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9483049705435055, "2_count": 96, "2_sum": 96, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50320, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.994655701435671, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50238, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7491825770643566, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50229, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9754866954395122, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50241, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9961617207058336, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50237, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9862250768160064, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50245, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6284838548227506, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50254, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9666203567068122, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50279, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.983476664387842, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50275, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9630176352700658, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50287, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9618059083166087, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50236, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5377829763866936, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50293, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9768043043301445, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50251, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9850493285553931, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50294, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9143479559941067, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50296, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9339709019631312, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50305, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9911429460559499, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50255, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9919427607187751, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50262, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7885083109675786, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50242, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9451460902901075, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50261, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9847427622560799, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50308, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9749191472773266, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50260, "dest_port": 
4143, "y_pred": 3, "y_pred_proba_max": 0.9308735418657971, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50267, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9772307668962272, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50252, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9696304342654973, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50282, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8293108213505053, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50298, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.867995316193006, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50312, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9632823526389884, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50314, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9887212089462564, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50250, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7320694010757255, 
"2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50228, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9737427412589976, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50278, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9137520080236008, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50240, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9567652692594767, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50290, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9610210876729414, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50316, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9369468552360414, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50232, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9670427899299335, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50257, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9128268378512929, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50263, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9534462009267722, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50292, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9783690064467849, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50297, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8771636695377104, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50266, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9682779926574817, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50317, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5733202842302004, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50319, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9811963948800059, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50244, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9291751018229152, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50269, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9802405616315973, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50304, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5839443681944724, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50313, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.985151192360472, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50239, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6584272718407038, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:42:56.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 96|max_alert: 1000 [2025-12-09 20:42:56.715] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:42:56.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:42:56.715] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:42:59.484] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25112 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl?X-Amz-Date=20251209T124259Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4ad7af915e053b821fa676d746f8df152e00b7ae17ca20e08de102eadd8d7027"} [2025-12-09 20:42:59.484] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:42:59.484] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:42:59.484] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:42:59.484] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:42:59.484] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:42:59.485] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:42:59.920] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl|result:{"code": 1, "total_count": 100, "alert_count": 100, "abnormal_count": 100, "normal_count": 0, "timestamp": 1765284179485, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52142, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9717648680062462, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52150, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.8251256616714179, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52117, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8069681930745379, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52122, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9436706129592828, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52134, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9184975773210156, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52144, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9300230089826887, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52159, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5338582322011293, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52141, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7992264015635948, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 52146, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9220827419000501, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52110, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6312528175330426, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52113, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9469145653674625, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52131, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6266987503615363, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52168, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.546172662180798, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52125, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9786473619908952, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52163, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5498271073616211, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52162, "dest_port": 8990, 
"y_pred": 1, "y_pred_proba_max": 0.6730149474675262, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52178, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.839111596344256, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52179, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.47368454080001826, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52121, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7920245406229192, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52161, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7747772638103901, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52184, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8963155857954644, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52139, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9286410824717212, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52187, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 
0.5574138805327431, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52189, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7714943394637498, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52191, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9412272351218671, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52123, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.982757212381813, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52165, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.6048200284239559, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52193, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9574006127368515, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52129, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9146178117432336, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52194, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9646465099697048, "2_count": 100, 
"2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52196, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9259193503516323, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52137, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8563181601935116, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52124, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9896917960330592, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52143, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.5103466082590444, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52147, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9423285122768676, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52198, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9695820683142766, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52200, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9628474243911925, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52207, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9282716739348001, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52156, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.956076466929616, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52175, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9767199166725453, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52186, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8458994082046406, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52136, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.5943154192623313, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52120, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9230969844647448, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52140, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7473391236999901, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52116, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6721115245497418, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52158, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7873232984513144, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52195, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5171150775499859, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52197, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8777385730992845, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52209, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9052930981567001, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52152, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8850068644543395, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52112, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9688487370668326, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52119, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9247856650023082, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52155, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8463553470491237, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52190, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6978130757793901, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52199, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8851248770302418, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52176, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9303011127977474, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52173, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5699437933895314, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52203, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8355270894244378, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52118, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9246283743604492, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52177, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7500959333425945, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52138, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9814572761907557, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52135, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.710134370372058, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52126, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.7885549056902029, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52166, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8051457229877027, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52127, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6143906067842008, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 52180, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.6971534618970462, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52183, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9466466747022219, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52205, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8800923362193929, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52192, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9838864110136946, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52114, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8093034536107697, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52133, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9183725746726318, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52181, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.532041191001607, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52130, "dest_port": 8990, 
"y_pred": 1, "y_pred_proba_max": 0.5073187338769927, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52151, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5581752871437675, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52167, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9409538535229407, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52169, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7741596421093909, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52202, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8864011353851811, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52170, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.976266705230669, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52148, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8223779678119884, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52185, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 
0.939910076716612, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52172, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.908489292899985, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52111, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9167671762401094, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52171, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9797571072255394, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52188, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9466246037484531, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52204, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9375665356140841, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52208, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9270882419399703, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52160, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9463765860143531, "2_count": 100, 
"2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52145, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7425766375752965, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52115, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9707258148203648, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52182, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9002156468462077, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52149, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8206815676643691, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52128, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8746938717482686, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52157, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5493237658682708, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52154, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.5639640486380836, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52164, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6625423781072952, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52174, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9891668810637424, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52132, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5746648057040702, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52201, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7350506738418443, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52206, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9408243100713752, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52153, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9513933962859774, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:42:59.920] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 100|max_alert: 1000 [2025-12-09 20:42:59.920] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:42:59.920] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:42:59.920] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:43:02.757] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25459 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f175b150904ed4e0150877173b40a6f1f61fed63871f24870b6d2113b766d8fa&X-Amz-Date=20251209T124302Z&X-Amz-SignedHeaders=host"}
[2025-12-09 20:43:02.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:43:02.757] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:43:02.757] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:43:02.757] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:43:02.757] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:43:02.758] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:43:03.170] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl|result:{"code": 1, "total_count": 92, "alert_count": 92, "abnormal_count": 92, "normal_count": 0, "timestamp": 1765284182758, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49838, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9597281911132077, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49848, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7093220585625833, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49828, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7437240848798812, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49878, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8068388519603652, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49891, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7300162866050978, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49890, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6716081993391795, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49876, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6530456324096936, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49846, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.5193956247891588, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49889, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6920476900715941, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49860, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.840133173502189, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49858, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6499172053532136, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49868, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8660062030673948, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49873, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.49851250452408247, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49901, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8635968073685155, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49885, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.820365122634426, "2_count": 92, 
"2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49849, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6243851057182942, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8579855844570402, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49895, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8949556705014371, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49847, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.673855818998148, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49840, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8504678535033428, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49907, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7678200061531537, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49821, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.436322727590321, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49823, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8720777492250344, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49827, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7867954580912583, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49866, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9334034406641464, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49835, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6822091358877382, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49879, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.515272450181456, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49822, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9678144113460768, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49825, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9031253882751805, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49855, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9605670351533792, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49872, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8326496785314252, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49898, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8268343490583236, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49864, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.959529866949088, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49845, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6352806961423553, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49853, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5443740487170939, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8648520969807312, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49832, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7940131997863517, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49906, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8962899420334062, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49854, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8314626296598142, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49894, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6032604965646904, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49888, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9293666937681686, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49874, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9783856303093864, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49875, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5268917107247628, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49871, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.851535193854736, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49877, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6997603392307076, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49859, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5265057964892825, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49830, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8832869812088577, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49903, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6435879475990721, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49833, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6399138522117351, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49837, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9404465573508798, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49856, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.910691955743757, "2_count": 92, 
"2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49831, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9142546505444914, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49869, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.852981951747037, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49870, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7267318806896884, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49844, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8774659640525907, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49880, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8033783900960704, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49839, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8420466204977842, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49867, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5381488938441703, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49881, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8074165418949916, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49893, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7219083371931175, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49863, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9664204433643117, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49850, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6607948361748729, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49834, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9261016400473958, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49826, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6595879366639672, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49841, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8196219061569351, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49886, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5777176046860213, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49843, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9273711985893746, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49896, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7953724916373498, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49899, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8674129676888247, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49900, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8937462092959588, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9427937610330535, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49836, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6625147101061587, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 
6, "src_port": 49887, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8444824858458608, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49857, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9509315478026236, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49884, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9630699372037945, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49912, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9180996457736041, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49842, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8363114200304143, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49851, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6318024672742749, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49882, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6200615195285073, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49904, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.9124182815014376, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49897, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5797851425231919, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49913, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6058104145313088, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49829, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7756123368669774, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49862, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8974545475325156, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49852, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5730074938906288, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.558466589319465, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49892, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5579828481044155, "2_count": 92, 
"2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49861, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7569788650651758, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49824, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9182494196749937, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49909, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6124800307296783, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49883, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8727246008529581, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.95166616327142, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:03.170] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 92|max_alert: 1000 [2025-12-09 20:43:03.170] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:03.170] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:03.170] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:06.010] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25113 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124305Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f80cfb143563f56c967f7d4f3feb932a57ab5b6eddec4dd511b69947786d6ee2&X-Amz-Expires=604800"}
[2025-12-09 20:43:06.011] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:43:06.011] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:43:06.011] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:43:06.011] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:43:06.011] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:43:06.011] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:43:06.643] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl|result:{"code": 1, "total_count": 184, "alert_count": 184, "abnormal_count": 184, "normal_count": 0, "timestamp": 1765284186011, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49300, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7535252300512015, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9097916849017884, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49289, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6422731049411385, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49303, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7883851506547559, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.952812539485268, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49323, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6536910355132741, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49190, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6681120533328117, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49258, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7549844408325019, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", 
"protocol": 6, "src_port": 49259, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7156993776938108, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49169, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8393098721901737, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49266, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.868238254489992, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49271, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6056612005644393, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49287, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6797435489049862, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49295, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9204216599657362, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49298, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9524346449004636, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, 
"src_port": 49239, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.997530105885503, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49225, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9540416381511261, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8708762004632982, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49176, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7187429521863731, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49319, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8012042869675653, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49280, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6978219958260657, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49285, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6625446913871705, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49179, 
"dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8664756844436504, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49284, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9650550094311113, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49188, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990365320615877, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49161, "dest_port": 51129, "y_pred": 2, "y_pred_proba_max": 0.7683776990714972, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49330, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5760617446672244, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49261, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6761807100951438, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49215, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8970206050352545, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49164, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.8128356571279334, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49313, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.79137488150312, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9677342644366878, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49175, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9647139605823071, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49221, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6694690673124158, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49244, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9050284085930969, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49265, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9606687561026244, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49272, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.5250640923352601, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49275, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9663870738633014, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49231, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9054243804966579, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49177, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8198474389707736, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9773696513436474, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49340, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6097706102924892, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49241, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9975461688238867, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51129, "y_pred": 3, 
"y_pred_proba_max": 0.5208323091838872, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49186, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7020690251701515, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.675426179227328, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8515432049926769, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49307, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9685151116997144, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49316, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9456675606191549, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49278, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6002940353645803, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 
0.9865806649237132, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49267, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7797935783966006, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49326, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7359177254850139, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49315, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9428599858976464, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49180, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9388282249369555, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49333, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6480148826431614, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49341, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6711097955292692, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49310, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.886008363551979, 
"2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49187, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9991696735818225, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49242, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8850067164792175, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49165, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8394237974606074, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49222, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8181737787129972, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49263, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9219107999925186, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49268, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9797243215332611, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49337, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7182936054369473, "2_count": 184, 
"2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49245, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7360587104230578, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49314, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9199507839544299, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49325, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7853497899067285, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49191, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.70713223924829, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49195, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9123586151413057, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49327, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8095211256434334, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49178, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6771831112316992, "2_count": 184, "2_sum": 184, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49269, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8804425451866921, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49302, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8610120312357731, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49291, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6611169018412665, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49283, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9912113345091026, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49229, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.995248917989658, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49318, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7683917968687011, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5546714584129069, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49281, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5135672782397152, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49226, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6219816237727015, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49227, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9352170269026812, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49331, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7760983186115421, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49163, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9627407074253814, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49262, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7012319472281362, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49274, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7896164057466658, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49257, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9311119332187614, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49299, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9440669798766085, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8206109232482813, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49246, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8481369577729319, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49162, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9793434577408894, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49219, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9715603901471023, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49252, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.673033084835841, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49290, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6090624899155326, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49297, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9651507165790781, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49217, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8661740526532142, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49173, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7794742360397849, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49305, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8976597257520773, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49230, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9426230672497405, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8252456489064133, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49170, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6983777220046489, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49171, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9036775644763501, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49174, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5307337739960409, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49184, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999831430703893, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8700626674775306, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5229356293541297, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49181, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7556896616318012, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49223, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9777387893387068, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49256, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8109348672636414, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49264, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8754835936153706, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49335, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5746152424557479, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49279, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7046632371792493, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49240, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999717562079124, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49294, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9188803945204663, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49172, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5644370704341645, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49317, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8495661586941259, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987299237502186, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49309, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.947300168382834, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49311, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9591934005365429, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49328, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8762688253688522, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49255, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5439471585213654, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.749804018938855, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49336, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7037248890620477, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49304, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9201257950779532, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49344, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8745982822099253, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49277, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9619171951447366, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49183, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9992367437755522, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9866518536981347, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", 
"dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49286, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8409589763250297, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49329, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6648016830313859, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49332, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6896610510905407, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6257930564673225, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49324, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9560591377964437, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49192, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.776271931397361, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49292, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.957253514859184, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49301, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7918797865388021, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49334, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8133006223635865, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49168, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.781315655366253, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9812290770781041, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49194, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6815273572290471, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49224, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9500948556317464, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49243, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7967497122450772, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", 
"protocol": 6, "src_port": 49218, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8887710468089111, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49248, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9269004865779975, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49232, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9251604412578454, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49270, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9103328482318677, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49247, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5565646215495013, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8503397167372608, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49276, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7284152839353538, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, 
"src_port": 49254, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8613288068910904, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49293, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9163000181350263, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49216, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5576112589467513, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49220, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9720165770690631, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7788970181203663, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9644225864167885, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49193, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9065707770298514, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9514400149087391, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49288, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7899345796334684, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49296, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5293839695735326, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.609915037944741, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49189, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6704914626392562, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9723429172454786, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49260, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9292089582790488, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49321, "dest_port": 51129, 
"y_pred": 1, "y_pred_proba_max": 0.9757004575733857, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.594953645932237, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49322, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.975618757580178, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49339, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7065275258994312, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.872413217346259, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49342, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7017534522636766, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49343, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9302961471434333, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49306, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9226390036590016, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49167, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9728084570498172, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49253, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5993830570444911, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49273, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9516037753213813, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49312, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9391968450200597, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49228, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9295630582672966, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49308, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6920149390603046, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49320, "dest_port": 51129, "y_pred": 3, 
"y_pred_proba_max": 0.7836376290762277, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49166, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9173394690609071, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6404661592443197, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9976982512770951, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5862204358738493, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49282, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8795732298064506, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49338, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8117842125805261, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:06.643] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 184|max_alert: 1000 [2025-12-09 20:43:06.643] 
[DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:06.643] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:06.643] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:43:09.248] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24358 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124308Z&X-Amz-SignedHeaders=host&X-Amz-Signature=29346a224451cd9ad3fc24e4a3d233a5a6c1b1dd1ff871db86454e3714e65901"} [2025-12-09 20:43:09.248] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:09.248] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:09.248] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:09.248] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:09.248] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:09.248] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:09.640] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl|result:{"code": 1, "total_count": 84, "alert_count": 84, "abnormal_count": 84, "normal_count": 0, "timestamp": 1765284189248, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53929, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.652439166160231, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53991, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7937306371361653, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53943, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8802265091836545, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53923, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9139105694723427, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53931, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6023748649266634, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53953, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.866226138620796, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53963, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9120270192572084, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 53979, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8265133081996126, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53930, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8398226998198514, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53974, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6424747288244927, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54001, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8575308296606916, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53968, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9098845375507889, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53978, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8569222880930275, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53921, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.836403762589436, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53926, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.9393568809654613, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53955, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9312194549216598, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54002, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6605176021556671, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54000, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5081042849542182, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53951, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7268548223875532, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9801742164926764, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53952, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.770638377172429, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53925, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9692691717666108, "2_count": 84, 
"2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53980, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.715272132326064, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53927, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6548331463298686, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53957, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9282637960364166, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53928, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7481115504048469, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53967, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8434302602181997, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53935, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8537678923010523, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53924, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9120598333126073, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53972, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6750930682615004, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53984, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8374826208689425, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53985, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5911767064034527, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53965, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5858334132124475, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53993, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7513086962099772, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53958, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9769553335486666, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53959, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9337551960913452, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53988, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8150723359080869, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53962, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.94939978459922, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53998, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7410932784645787, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54004, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8353477945202226, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53977, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7820243279968885, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53987, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.975471828107136, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53937, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5758942199783782, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 53986, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9568620444379906, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53938, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7393767752708775, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53942, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7592233665391579, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53936, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8003600426497569, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53971, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.877110450202344, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53973, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7084784514591502, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53976, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7097137174613701, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53941, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.7667269709313624, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7773923430391433, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53956, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7799041915303908, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53990, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8854714432145646, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53995, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8315195424140174, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53945, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9811484239039856, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53934, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7879349292726511, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53939, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6139006230064715, "2_count": 84, 
"2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53946, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9794970358873141, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53961, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.929255763305386, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53922, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7873625267327947, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53944, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5712718244014525, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53960, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8294881604422543, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53975, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6791126235656763, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53970, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8253856985183537, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53947, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9525376354251084, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53999, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9303419859775965, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53954, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6750915273210129, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53966, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5189199668864457, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53949, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.989469830627991, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53992, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9292137089030135, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53940, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.944187633377688, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53994, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7738970699939143, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53997, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7161435090641636, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53933, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7122968349073746, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53948, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8827720254160503, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53950, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7767389921777231, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53964, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.93116083793422, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53982, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9784867253887355, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 53989, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7778278119477656, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53981, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9331319021656421, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53932, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8014071676432983, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54003, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9504484891099336, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53996, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6507002654014227, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:09.640] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 84|max_alert: 1000 [2025-12-09 20:43:09.640] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:09.640] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:09.640] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:12.366] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24359 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4bdcf4be6d7e9f279fced429909d636fb0251d6ebdda8f0040d1c15e4053f923&X-Amz-Date=20251209T124311Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-09 20:43:12.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:12.367] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:12.367] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:12.367] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:12.367] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:12.367] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:12.576] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl|result:{"code": 1, "total_count": 31, "alert_count": 31, "abnormal_count": 31, "normal_count": 0, "timestamp": 1765284192367, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53090, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 53102, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53105, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53086, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53089, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53075, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53104, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53085, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53078, "dest_port": 8889, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53093, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53073, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53087, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53103, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53091, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53098, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53088, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53101, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53076, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53077, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53096, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53084, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53095, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53097, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53099, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53074, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53100, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53094, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53092, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53082, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53083, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 53106, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:12.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 31|max_alert: 1000 [2025-12-09 20:43:12.576] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:12.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:12.576] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:43:15.510] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25114 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=caf844c945bff31d5b350bf371f8edb04422ba4fe81e9a370a76ba2ae5e10546&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124315Z"} [2025-12-09 20:43:15.511] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:15.511] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:15.511] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:15.511] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:15.511] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:15.511] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:15.983] 
[DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl|result:{"code": 1, "total_count": 324, "alert_count": 324, "abnormal_count": 324, "normal_count": 0, "timestamp": 1765284195511, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49720, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49497, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49772, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49579, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49677, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49683, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49747, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49471, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49729, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49605, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49558, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49568, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49661, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49710, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49491, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49501, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49551, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49670, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49459, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49719, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49631, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49644, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49615, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49599, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49482, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49508, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49484, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49494, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49632, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49666, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49682, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49744, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49516, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49545, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49481, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49554, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49674, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49771, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49522, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49562, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49663, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49700, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49723, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49570, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49728, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49694, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49650, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49749, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49690, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49765, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49778, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49593, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49766, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49485, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49487, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", 
"dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49652, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49555, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49578, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49696, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49751, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49529, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49576, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49741, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49668, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49534, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49613, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49580, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49577, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49724, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", 
"protocol": 6, "src_port": 49626, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49591, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49585, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49730, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49697, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49621, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49635, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, 
"src_port": 49722, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49659, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49633, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49738, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49496, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49455, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49465, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49560, 
"dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49713, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49718, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49727, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49684, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49726, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49519, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49514, "dest_port": 
51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49675, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49549, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49636, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49731, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49767, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49629, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49518, "dest_port": 51139, "y_pred": 
1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49553, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49559, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49602, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49594, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49561, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49618, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49539, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49740, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49628, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49563, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49714, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49477, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49531, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49681, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49468, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49556, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49637, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49736, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49504, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49721, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49734, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49606, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49480, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49550, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49638, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49565, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49709, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49716, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49774, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49775, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49493, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49664, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49492, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49679, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49630, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49474, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49476, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49498, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49735, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49745, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49653, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49533, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49712, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49546, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49488, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49511, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49737, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49649, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49603, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49657, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49609, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49460, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49456, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49574, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49537, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49625, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49641, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49692, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49763, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49672, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49608, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49590, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49462, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49490, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49505, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49567, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49584, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49742, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49467, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49463, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49510, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49552, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49667, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49689, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49544, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49646, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49702, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49707, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49528, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49483, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49600, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49642, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49598, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49470, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49627, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49768, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49512, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49665, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49643, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49746, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49502, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49762, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49525, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49686, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49688, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49678, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49651, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49715, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49654, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49685, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49478, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49566, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49671, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49540, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49472, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49706, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49612, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49733, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49703, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49543, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49662, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49541, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49705, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49693, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49620, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49569, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49619, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49547, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49542, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49469, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49571, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49660, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49527, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49640, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49624, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49701, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49575, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49770, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49526, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49687, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49756, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49507, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49634, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49513, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49648, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49764, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49601, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49759, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49699, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49515, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49461, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49523, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49548, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49588, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49645, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49691, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49658, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49639, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49475, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49761, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49614, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49500, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49583, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49739, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49521, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49530, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49495, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49604, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49611, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49589, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49616, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49676, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49673, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49708, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49757, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49754, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49524, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49582, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49717, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49506, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49536, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49581, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49538, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49503, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49572, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49597, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49623, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49592, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49596, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49622, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49680, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49773, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49655, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49704, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49610, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49758, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49698, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49725, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49509, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49656, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49748, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49520, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49695, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49473, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49499, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49517, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49479, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49532, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49586, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49743, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49557, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49617, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49753, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49464, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49776, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49457, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49769, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49750, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49760, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49711, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49466, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49535, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49755, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49489, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49607, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49777, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49647, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49669, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49587, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49458, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49752, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49732, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49595, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49564, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49573, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49486, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:15.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 324|max_alert: 1000 [2025-12-09 20:43:15.983] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:15.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:15.983] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:18.771] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25460 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0caba162253831cdc7a294f676f63291df019e8710dc2e86747d65a1264ee2fd&X-Amz-Date=20251209T124318Z&X-Amz-Expires=604800"} [2025-12-09 20:43:18.771] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:18.771] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:18.771] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:18.772] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:18.772] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:18.772] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:19.059] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl|result:{"code": 0, "total_count": 42, "alert_count": 0, "abnormal_count": 0, "normal_count": 42, "timestamp": 1765284198772, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:43:19.059] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:43:19.059] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:21.986] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message 
in-> topic:analyzed_queue_gbm partition:[1] at offset 24360 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl?X-Amz-Expires=604800&X-Amz-Signature=347627482dfe08a7b6edc727713acc0ea2bb62f6cdaa7f0df39bae93e7e0a050&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124321Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:43:21.986] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:21.986] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:21.986] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:21.986] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:21.986] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:21.986] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:22.320] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl|result:{"code": 1, "total_count": 45, "alert_count": 45, "abnormal_count": 45, "normal_count": 0, "timestamp": 1765284201986, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51468, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8202785088622463, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51522, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9855057948728629, 
"2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51475, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7233343602447118, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51484, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7102674264202697, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51459, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8838388710594299, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51490, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7989387895898239, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51469, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8815730488825807, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51511, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8321823465933009, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51506, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9507442374854301, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51527, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9066065566736474, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51483, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9282103532133709, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51465, "dest_port": 8888, "y_pred": 3, "y_pred_proba_max": 0.7158868587585212, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51498, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7898729745933586, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51526, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9062436487834582, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51489, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.6234981026606723, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51494, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.676780596911354, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", 
"dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51474, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9237159428555212, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51512, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8113020585917197, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51448, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8464492922397163, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51514, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.6529439292842751, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51480, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.6534496807577612, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51521, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9739883477394619, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51477, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9406692299610012, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51507, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9324599006201146, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51497, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.979939403633986, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51471, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9573222054813282, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51503, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.875056607069014, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51473, "dest_port": 8888, "y_pred": 3, "y_pred_proba_max": 0.644295062698061, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51464, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.710700964942956, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51501, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9790326353242975, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51502, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9132560367494885, "2_count": 45, 
"2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51500, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.863524869285478, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51491, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7812837432031107, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51518, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9413632233473177, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51461, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8466053345492902, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51524, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8101483217757857, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51456, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8480149505661796, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51449, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8647050822181608, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51458, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.971093281452582, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51509, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9678765462168811, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51519, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8180808206578049, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51488, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9570656353636285, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51495, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7651206821411612, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51462, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7483962580496625, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51516, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9870585794822262, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:22.320] [INFO] 
[tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 45|max_alert: 1000 [2025-12-09 20:43:22.320] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:22.320] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:22.320] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:43:25.230] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25115 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl?X-Amz-Date=20251209T124324Z&X-Amz-Signature=74a8a73558fbd3b9326d197f96f979235af77cce4e82f1e83e363b7b7e875b72&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:43:25.230] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:25.230] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:25.231] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:25.231] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:25.231] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:25.231] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:25.539] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl|result:{"code": 1, "total_count": 49, "alert_count": 49, "abnormal_count": 49, "normal_count": 0, "timestamp": 1765284205231, "module": 
"anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50513, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8467097601065157, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50520, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.666514705700526, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50431, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7409351698886841, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50552, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9049283312099418, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50519, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.5720546880042181, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50547, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9618936090685591, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50512, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8231076811888173, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50506, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9706781995684648, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50533, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8250831941115909, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50560, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8319415626042109, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50531, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7528241490339651, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50436, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7876183685075463, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50510, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.5752123023136946, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50546, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9285078732078361, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 
50550, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.839254277632684, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50548, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6375912381305254, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50566, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.5096535393395003, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50556, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.912426256580924, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50524, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9808044393978423, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50537, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9418821527347296, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50541, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.7367312462347306, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50507, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 
0.7485935589744371, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50522, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7818604975645257, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50439, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9110289525670797, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50542, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6367978709846803, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50487, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9829910923684625, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50539, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9535405668333639, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50509, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.55852958267165, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50515, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9735751981977914, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50534, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7564222589794545, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50516, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8762727479954106, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50540, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7619668805752586, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50545, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7626007994770011, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50554, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8343387916460934, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50529, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9110134710018434, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50557, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.948811607816602, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50551, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9767589661446414, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50562, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7798562185669838, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50455, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9332500284511566, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50527, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9440463126317352, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50565, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6764603381720179, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50521, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.5515501702260989, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50543, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8505209376793788, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 
50525, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.88430090115156, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50469, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7854640899653569, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50488, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6972829426835475, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50558, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8567067081180528, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50430, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7426793469736765, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50563, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.848304790876697, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:25.539] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 49|max_alert: 1000 [2025-12-09 20:43:25.539] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:25.539] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:43:25.539] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:43:28.482] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25116 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124328Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f5ce0f24d7183c71437d2557ef6b1a8a2daf4942c277dac97f9b2ee6293b9aa7"} [2025-12-09 20:43:28.482] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:28.482] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:28.483] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:28.483] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:28.483] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:28.484] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:28.780] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl|result:{"code": 1, "total_count": 44, "alert_count": 44, "abnormal_count": 44, "normal_count": 0, "timestamp": 1765284208484, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50116, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6443976682581195, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50000, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9402231242934551, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50085, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7698481031909958, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50056, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.948474199455215, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50095, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.6861094247332293, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50123, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.541367028115992, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50018, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.8451425727689915, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50021, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9425552515379603, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, 
"src_port": 50007, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7141543730055839, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50079, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8696736020600491, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 49983, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9522840919648836, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50001, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8679707103635019, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50019, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7704305984068052, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 49982, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8342900192395903, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50005, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9564944821122344, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50038, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 
0.605751260320874, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50020, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.7752996434974021, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50028, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7706116842000286, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50035, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8076493392613169, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50016, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.9274958781245288, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50027, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9166414781156934, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50009, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9534323373097663, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50030, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7278209235881679, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50043, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.5384406514342021, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50011, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.5881055050157987, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50008, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.770564314329767, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50051, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8311161550611524, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50091, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8792590217721241, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50017, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7972603773783307, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50031, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8273850464913237, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50006, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9401227544538059, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50050, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.892682901913958, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50022, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.810364073278541, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50111, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6695116275583143, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50037, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.92229473077408, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50010, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8674442948212914, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50023, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.902835158209859, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50040, 
"dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9035923836708338, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50029, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7404379825050628, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50047, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.703407831812099, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50099, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8585322442538292, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50122, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.7474180921125376, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50087, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8335433408314439, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50115, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7635344170372543, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:28.780] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 44|max_alert: 1000 [2025-12-09 20:43:28.780] [DEBUG] 
[tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:28.780] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:28.780] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:43:31.732] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24361 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl?X-Amz-Signature=1c63ebc0f26ba65cd88993f7ed0d94b768cd1c383ee3fe98d63b671fa22a6657&X-Amz-Date=20251209T124331Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:43:31.733] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:31.733] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:31.733] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:31.733] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:31.733] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:31.733] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:32.035] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl|result:{"code": 1, "total_count": 47, "alert_count": 47, "abnormal_count": 47, "normal_count": 0, "timestamp": 1765284211733, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", 
"protocol": 6, "src_port": 50324, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9288487105339074, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50284, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8410946709775775, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50314, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5449089326846577, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50336, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9139037144736866, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50356, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9760609489965495, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50290, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6171746379846506, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50326, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7094645064505605, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50340, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.9746446553276052, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50330, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8389904620093418, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50371, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8298544734362666, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50360, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8517623081967094, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50298, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9715451836946997, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50338, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7583126904088858, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50295, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7564601731928327, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50304, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9227577018654767, "2_count": 47, "2_sum": 47, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50327, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8730106199399839, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50309, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9367704288302448, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50332, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7432704194372974, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50299, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9181457379525828, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50317, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9188967509014137, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50322, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9403448655359128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50346, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9570639350386434, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50348, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7995865193304741, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50285, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8594071615987103, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50349, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9457553303155715, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50335, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9418827962313508, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50311, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9429740203174176, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50303, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9284280309327152, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50355, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8352341318578734, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 
50370, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9428792089114146, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50354, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7881202570821161, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50312, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7373827337295659, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50301, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5492209412043578, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50345, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8863718763573442, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50296, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.95494657932494, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50300, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8316042020919898, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50315, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7293206194479023, 
"2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50334, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.953518686199493, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50369, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.878796321075814, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50337, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.833707026146507, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50347, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5074750917461794, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50323, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8858233234561498, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50357, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8723181106892521, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50318, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8718724222397368, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50367, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8703433436610518, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50308, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8725547918450054, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50353, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9221018642168902, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:32.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 47|max_alert: 1000 [2025-12-09 20:43:32.036] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:32.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:32.036] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:34.947] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24362 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl?X-Amz-Signature=125a65ac62ce2ac7eb7f3750293036488d5dfc89cdb602d52792e6a8500743d0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124334Z"} [2025-12-09 20:43:34.948] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:34.948] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:34.948] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:34.948] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:34.948] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:34.948] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:35.158] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765284214948, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51810, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8549264185255389, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, 
"src_port": 51811, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9902186269105376, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51805, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.7787013078659158, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51802, "dest_port": 446, "y_pred": 2, "y_pred_proba_max": 0.886097405910754, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51807, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8944676465086725, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51808, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8541901061252963, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51814, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6439827887800125, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51817, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9905808671595859, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51804, "dest_port": 22, "y_pred": 
1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51800, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9255906624646884, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51816, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7784450465277769, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51813, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9169213898566784, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:35.159] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:43:35.159] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:35.159] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:35.159] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:38.209] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25461 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124337Z&X-Amz-Signature=0efe11b0a48938ff9db5998107a8871db07ce37b6ec87f6fc3de8644bd1fe80b"} [2025-12-09 20:43:38.209] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:38.209] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:38.209] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:38.209] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:38.209] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:38.210] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:38.437] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765284218210, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51152, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9564240808157058, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, 
"src_port": 51146, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51142, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9002966346730812, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51149, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7930476786332924, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51153, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7858296540117953, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.683703974792815, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7354736177059842, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51155, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6404692550467705, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51144, "dest_port": 443, "y_pred": 2, 
"y_pred_proba_max": 0.385851583840364, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51156, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7904833379047614, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51158, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8248391299231592, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51147, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.5574287788486448, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:43:38.437] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-09 20:43:38.437] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:38.437] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:38.437] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:41.420] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25462 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=3e627e5079f25b92c4610bbd05ffbf7b6e7599db473b777532c2c8112c7d1013&X-Amz-Date=20251209T124340Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:43:41.420] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:41.420] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:41.420] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:41.420] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:41.420] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:41.421] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:41.634] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765284221421, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51913, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7804626368341007, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, 
"src_port": 51910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9176733408604053, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5694710971835998, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51901, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51907, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7498671072453136, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931240746423159, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51898, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5531385391749607, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51914, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5219725503828033, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51904, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9077258172569825, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9902476607497825, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51908, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9837638142753491, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:41.634] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-09 20:43:41.634] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:41.634] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:41.634] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:44.677] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25463 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl?X-Amz-Signature=f31b1affb2cecffa0194fa9169fac25c96525a6fea0370c2c1ecae84f232b425&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124344Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:43:44.677] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:44.677] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:44.677] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:44.677] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:44.677] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:44.677] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:44.915] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765284224677, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51271, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8192816349849472, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": 
"192.168.126.137", "protocol": 6, "src_port": 51264, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51265, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8870828047759287, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51267, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9520112014972585, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51274, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9971468104648852, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51277, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9912261189471189, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51260, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7938605210350151, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51276, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.6494420354275284, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51268, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.5903049085195861, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51273, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8840743179035093, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51270, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8989305967628844, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:43:44.915] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-09 20:43:44.915] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:44.915] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:44.915] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:47.915] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25117 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6f990f2a753b108da2fa3bb4086094b7a4e04de293eff5e793dc2a1e0542f4fe&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124347Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:43:47.915] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:47.915] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:47.915] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:47.915] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:47.915] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:47.916] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:48.208] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl|result:{"code": 1, "total_count": 41, "alert_count": 41, "abnormal_count": 41, "normal_count": 0, "timestamp": 1765284227916, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50218, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9330502862781783, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 
50235, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6979659612052407, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50233, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8631985948647156, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50207, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8075997965196723, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8726905352520049, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50195, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.859611378054762, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50158, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8792161049301855, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50240, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7460143940541006, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50141, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8016950731797269, 
"2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50211, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9561577769728932, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50216, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9529364841515092, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50142, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9140612352387926, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50200, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8191924005399444, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50155, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8746111362024195, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50217, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.88665995273261, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5698351730075547, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50237, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9020023494106068, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50157, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9837401038245965, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50154, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7797925580095155, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50163, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7744956526775698, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50208, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9492184772662211, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50210, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9314252350421861, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50245, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9427754789437156, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": 
"172.20.5.122", "protocol": 6, "src_port": 50196, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7883378959479387, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50198, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7526817551597956, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50161, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8110834434666421, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50209, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7580829892252735, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50231, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5141997400951804, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50243, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7194031857892819, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50160, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.527074227206573, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50202, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.6952493554840984, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50246, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7764631473253198, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50228, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9445251007111932, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50224, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9793428598248682, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50205, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9496310163545119, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50226, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9520510033703173, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50197, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7250233473155627, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50247, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8137767840729934, "2_count": 41, "2_sum": 41, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50239, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.4989886824170198, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50219, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7879526134578518, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50201, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8499495087940803, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:48.208] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 41|max_alert: 1000 [2025-12-09 20:43:48.208] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:48.208] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:48.208] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:43:51.095] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25118 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=3c3f6d7daab90fae02b24c6526e2dead4436a17f8d3e0cc378afe5221c4f0118&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124350Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:43:51.095] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:51.095] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:51.096] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:51.459] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl|result:{"code": 1, "total_count": 72, "alert_count": 72, "abnormal_count": 72, "normal_count": 0, "timestamp": 1765284231096, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50143, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.97820633925699, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50145, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9701664948086928, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50173, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.920475982996381, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50196, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9829926493861587, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50205, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8850271139555869, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50184, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9366567315316121, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50186, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.933881307867239, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50166, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9069583444485391, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50167, 
"dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8490728609778261, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50191, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8849023979429933, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50149, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9762438179222322, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50183, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9497413198116241, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50185, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.979895768858013, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50198, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9850942510784844, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50204, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9115284508458358, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50151, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 
0.8137991929027085, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50175, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.6690266656466186, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50139, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8199029028664938, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50181, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7524764170790574, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50142, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9776610689091709, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50159, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9006105715803133, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50177, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9771752387145426, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50199, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9766541355973589, "2_count": 72, "2_sum": 72, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50165, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8941148885458237, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50202, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9444428003931248, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50155, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9703676165237978, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50164, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.5813378438540796, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50153, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9730641797516051, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50176, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.987694368190706, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50182, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9460782730349658, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50146, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.5330434019802295, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50169, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9782850911170348, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50188, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8217881136553307, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50154, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.930395891506149, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50158, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.6721742338768636, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50152, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8827416447453953, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50160, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.689497318382247, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50187, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7104541989429064, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50200, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9549029612191111, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50168, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.982263689933675, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50179, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9482964921699372, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50203, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9673569875092349, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50195, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9731152505452543, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50206, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7737243521229905, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50150, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9552864080738671, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50190, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.5332467764885833, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50144, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9747735310251405, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50207, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9242358342072472, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50201, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9272243266170151, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50140, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8380274612922531, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50209, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8450986299027614, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50163, "dest_port": 8843, 
"y_pred": 1, "y_pred_proba_max": 0.5265923354323898, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50156, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9490942607683032, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50193, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9275622195428737, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50161, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.5986787170624236, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50138, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.4851205539197987, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50208, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.871464347692098, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50172, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9603872569869643, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50174, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8119943216134878, 
"2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50178, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9539547645678712, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50157, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7384086151238073, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50194, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9446378232150051, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50170, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9100832608153238, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50171, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.965171183861655, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50180, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9122908558850786, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50141, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7215970563815516, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50148, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.933889813975273, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50189, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7788473533532436, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50162, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.589188935082093, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50147, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8933595596506126, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50192, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.6092034238533991, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50197, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9889738465345559, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:51.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 72|max_alert: 1000 [2025-12-09 20:43:51.459] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 
20:43:51.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:51.459] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:43:54.320] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25464 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124353Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0b3ae2a759db7b93cf2af5bc7cf4cc289cfd20380578d993438f55c083d05093&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:43:54.320] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:54.320] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:54.320] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:54.320] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:54.320] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:54.321] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:54.681] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl|result:{"code": 1, "total_count": 71, "alert_count": 71, "abnormal_count": 71, "normal_count": 0, "timestamp": 1765284234321, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52207, "dest_port": 8443, "y_pred": 1, 
"y_pred_proba_max": 0.8201072823170559, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52173, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7994450923602808, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52177, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6256068117788328, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52186, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.6235350910112814, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52194, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7129693961172986, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52198, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.677585870950747, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52209, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8953554390212164, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52203, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7889695016886833, "2_count": 71, 
"2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52211, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.823116337363419, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52221, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9301893526126582, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52168, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9102903057385067, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52165, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.8233796803015405, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52223, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7809360873974998, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52225, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7517913521693894, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52184, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9589969077958768, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52163, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.939932794502004, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52190, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8960649992103199, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52170, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9416769048642595, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52222, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9362164810475315, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52183, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8807918473088079, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52182, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8777400328054021, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52226, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.5414690391851522, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52205, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9635429432168606, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52174, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.7088347767556308, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52204, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7110640595961236, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52227, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6328486408017799, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52214, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.4978313859356064, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52224, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.726989856517231, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52218, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7079242877097539, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52169, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8216321689657454, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52159, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7582077641890126, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52212, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7718678970767923, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52199, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7920487433228584, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52219, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9478427392033695, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52189, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.5997081946443462, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52197, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.911715498285485, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52157, "dest_port": 8443, 
"y_pred": 1, "y_pred_proba_max": 0.8981427145431216, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52215, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8473536482126117, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52187, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.8723394786193065, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52166, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.7550881542848443, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52213, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.5593010776264328, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52161, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9905428449878686, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52179, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7348299508609937, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52160, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9894715624731266, 
"2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52172, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6940810894114393, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52210, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.713172576120535, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52217, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9238271788324119, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52162, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8975157391026591, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52220, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9189888399655154, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52201, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9520223068544338, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52192, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9602779269293468, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52188, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9680649101200287, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52195, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9415735277193573, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52185, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.5015770688532734, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52208, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9590041477192529, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52191, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8591250056011214, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52200, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8019309597385412, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52156, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.4093857082491162, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52202, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8936942966314548, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52175, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8133248983082535, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52178, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.575191534103997, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52176, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8622155120993188, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52167, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8656317489180502, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52171, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.5630000682491543, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52180, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.906543319192246, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52164, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9551076106030785, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52181, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6752643908627303, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52193, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8494918741425772, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52206, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9249896947298869, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52216, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9265821211597676, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52196, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7807819354674744, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:54.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 71|max_alert: 1000 [2025-12-09 20:43:54.681] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:54.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-09 20:43:54.681] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:43:57.452] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25465 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0a3a7ba1e69675b03c725a229c82a0644705c78333fa3f082635dee4a2145570&X-Amz-Expires=604800&X-Amz-Date=20251209T124356Z"} [2025-12-09 20:43:57.452] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:43:57.452] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:43:57.453] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:43:57.453] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:43:57.453] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:43:57.453] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:43:57.691] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl|result:{"code": 1, "total_count": 25, "alert_count": 25, "abnormal_count": 25, "normal_count": 0, "timestamp": 1765284237453, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49378, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49384, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49374, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49389, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49385, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49375, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49388, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49387, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "23.63.243.99", 
"protocol": 6, "src_port": 49376, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49393, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49392, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "149.100.155.122", "protocol": 6, "src_port": 49380, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "149.100.155.122", "protocol": 6, "src_port": 49371, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "23.222.166.237", "protocol": 6, "src_port": 49377, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49383, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49391, "dest_port": 8889, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "149.100.155.122", "protocol": 6, "src_port": 49369, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49368, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49379, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49390, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49395, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49373, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49382, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49386, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49394, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:43:57.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 25|max_alert: 1000 [2025-12-09 20:43:57.691] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:43:57.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:43:57.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:44:00.710] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24363 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124400Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=dc04af8085bb57fc5dfff624789288708d714d85bbfb99a88e9c1c8426607eb5"} [2025-12-09 20:44:00.710] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:00.710] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:00.710] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:00.710] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:00.710] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:00.711] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:01.005] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl|result:{"code": 0, "total_count": 39, "alert_count": 0, "abnormal_count": 0, "normal_count": 39, "timestamp": 1765284240711, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:44:01.005] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:44:01.005] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:03.909] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_gbm partition:[0] at offset 25466 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl?X-Amz-Signature=f69dcc14af86450a8b7918dc0a5d75d6c7f4ca917615557037310e7191e5433e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124403Z&X-Amz-Expires=604800"} [2025-12-09 20:44:03.909] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:03.909] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:03.909] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:03.909] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:03.909] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:03.910] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:04.254] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl|result:{"code": 1, "total_count": 68, "alert_count": 68, "abnormal_count": 68, "normal_count": 0, "timestamp": 1765284243910, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50078, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8566228375120293, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50104, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9980946984310067, "2_count": 68, "2_sum": 68, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50071, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9679657854585794, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50082, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9744027187849323, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50094, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.958585219862154, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50079, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9621837616439113, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50062, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9707376487545912, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50076, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7177358666081637, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50092, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9451515752873013, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50101, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5365840650974703, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50037, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50067, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6385632740262296, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50097, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.961587274362697, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50041, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7129343161261477, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50046, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9934761879320912, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50054, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9686263246315177, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 50081, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9637352341093589, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50083, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8255198620346854, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50080, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8539824265540789, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50096, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8903550322275481, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50087, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9454109013177424, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50058, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7996622346697402, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50095, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9321599343219462, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50061, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.9181476333236057, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50043, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9518385673271276, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50049, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9193453040303777, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50072, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9101845270546904, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50100, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7928048530566822, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50064, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.920209059449094, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50098, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.765666056912715, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50038, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9677449374066276, "2_count": 68, "2_sum": 68, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50070, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9962990618804092, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50103, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9014471983600338, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50059, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9451335640893533, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50077, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9485385495149261, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50090, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.915679843246884, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50051, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9036532762925971, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50074, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9141119435787239, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50093, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8628554551251637, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50066, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6686994279670726, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50052, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9688036894685641, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50048, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9562646498804207, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50068, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8670655557138458, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50075, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9408354855712204, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50053, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5437788374170198, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 50065, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.964503425552369, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50047, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9592047131554816, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50045, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8839649115616273, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50099, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8077615400432819, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50069, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9263542060588672, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50055, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8794568850846123, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50073, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7789361591320664, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50042, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.9813134337910734, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50060, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9225836460156668, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50050, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9986159389900082, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50040, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9706352411166825, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50056, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9495167332439841, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50057, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6895157668877497, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50091, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9708651741431864, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50085, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9278062426408744, "2_count": 68, "2_sum": 68, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50086, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9454239873600364, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50084, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7067229318053266, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50063, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7524609017499579, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50088, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.91719749719828, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50102, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7194932458716657, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50044, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8116589287260333, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50039, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6313540024330998, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50089, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9970658455771895, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:44:04.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 68|max_alert: 1000 [2025-12-09 20:44:04.254] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:04.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:04.254] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:07.120] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25467 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124406Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0b46605352b1d16f444e34d32eb49f43e563547f52f2cd783d1e49d2346d64dc"} [2025-12-09 20:44:07.120] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:07.120] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:07.120] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:07.120] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:07.120] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:07.121] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 20:44:07.457] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl|result:{"code": 1, "total_count": 65, "alert_count": 65, "abnormal_count": 65, "normal_count": 0, "timestamp": 1765284247121, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50212, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9278492942768202, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50231, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9719873437459042, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50188, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9803912339333318, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50238, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.951635162803181, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50239, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9923269924541407, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50217, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.92285419618966, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50204, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9385700169454037, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50202, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.5661474999394581, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50225, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.962058109290631, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50230, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9839683060264746, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50180, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9695585825048506, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50209, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9204172094936999, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50237, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9686593038033358, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50227, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9675066245626636, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50224, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8677773572723557, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50192, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7706255713833702, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50232, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.610663789755218, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50178, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.9322774135776505, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50215, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9297063237343295, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50234, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9187268641675644, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50219, "dest_port": 
6443, "y_pred": 3, "y_pred_proba_max": 0.9223060093640993, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50211, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.919372293484162, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50181, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9318803763641275, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50213, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9931490362523215, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50216, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9126614016023608, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50199, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.559842093894164, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50173, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50198, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9589185063014187, "2_count": 
65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50193, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.5316720349045349, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50203, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.55048140342522, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50221, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9416925335484335, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50179, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7658867928449715, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50194, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9730338788223877, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50177, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.980878741079023, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50197, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9318025321808883, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50207, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9835365791466364, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50183, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9701315590496297, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50210, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9308166427770547, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50175, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9988818029381639, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50201, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8864871343721881, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50190, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9307815464609354, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50222, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8532746399782163, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50185, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9358410169127646, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50228, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9668893355122543, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50189, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9788980811257662, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50208, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9243540659234875, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50195, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9401913312281446, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50200, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.924785880937046, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50205, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9583940864575231, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50236, 
"dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.9989419130010209, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50223, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9037859370131847, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50196, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8791195650189084, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50206, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9729443046478322, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50220, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8501888374113484, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50226, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9111393035190335, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50187, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9198561921498767, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50235, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 
0.9351102835046282, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50240, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9812458766039883, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50241, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.5928335152443728, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50229, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9190232985373901, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50182, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.6259837725652747, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50186, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9980325459788237, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50218, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9675906759097409, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50191, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9873054591409861, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50184, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9047838349342793, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:44:07.457] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 65|max_alert: 1000 [2025-12-09 20:44:07.457] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:07.457] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:07.457] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:10.329] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25119 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl?X-Amz-Signature=1008da0f83c8b8da67ada1c0bc34d3ed26dcff46be746d32f1cdda3c5d7343f3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124409Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:44:10.329] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:10.329] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:10.329] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:10.329] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:10.329] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function 
load [2025-12-09 20:44:10.329] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:10.674] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl|result:{"code": 1, "total_count": 63, "alert_count": 63, "abnormal_count": 63, "normal_count": 0, "timestamp": 1765284250329, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54275, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9139799819919529, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54286, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9389873543601166, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54272, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7852385620391517, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54324, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7631510373623915, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54311, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.957076840507715, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54289, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.8271871949857662, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54323, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9342338846770956, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54292, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9689863075486125, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54321, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9741225312246382, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54300, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9710544182611289, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54283, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9564530715027103, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54273, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9796930506905254, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54298, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9439788706474223, "2_count": 
63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54265, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7849349509968822, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54294, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8983259722666408, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54271, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7245994859697605, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54316, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9292401056885424, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54319, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7117296062436028, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54309, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9051632637352127, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54317, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9167854135592587, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54263, "dest_port": 8070, "y_pred": 2, "y_pred_proba_max": 0.7202727441518959, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54322, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7586277883548395, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54284, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8873301538793522, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54287, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8182789170784794, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54307, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.6409481102037257, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54291, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9437685528559473, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54274, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7961027793299416, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54281, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9354179763406326, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54304, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9779489085952777, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54266, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8150896088385378, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54315, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9336194415518306, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54320, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8740108981174052, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54308, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9402758127494969, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54282, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8771662321741778, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 54297, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8750928848375036, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54268, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9435342518601219, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54290, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7055287745161242, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54301, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9131090963416657, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54310, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8325211588977817, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54270, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.6541422740155358, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54269, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8240868973568249, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54276, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8603405530654629, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54305, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9573628319992948, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54278, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7993918359854975, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54288, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7385175461446585, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54264, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9361259429647771, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54277, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9833963368271451, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54285, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9459871906497522, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54280, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9297159973623893, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54295, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.981550195144498, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54302, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9543878307208462, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54267, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.947009351035173, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54293, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9746748631886025, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54279, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9732540080090185, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54303, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8463411466267733, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54325, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.6562563188800247, "2_count": 63, "2_sum": 63, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54299, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9363726723925413, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54306, "dest_port": 8070, "y_pred": 3, "y_pred_proba_max": 0.5390819996892412, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54312, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8888058110583327, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54313, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.5228520959371148, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54296, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9832712991088768, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54314, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7181061126883375, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54318, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8511905154691065, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:10.674] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 63|max_alert: 1000 [2025-12-09 20:44:10.674] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:10.674] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:10.674] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:13.521] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24364 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124413Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4ed78f1d69880cf5074c173315d9b7be50abf20ab59366ec8702088c39d390da"} [2025-12-09 20:44:13.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:13.521] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:13.521] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:13.521] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:13.521] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:13.522] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:13.860] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl|result:{"code": 1, "total_count": 65, "alert_count": 65, 
"abnormal_count": 65, "normal_count": 0, "timestamp": 1765284253522, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50384, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9439779894358182, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50396, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9985361249728576, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50413, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.943781652889414, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50432, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5755065543657735, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50401, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6818961035202294, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50415, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5854676561521224, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50431, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5946302631072571, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50439, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6039410775492351, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50391, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7347430159455198, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50408, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8949042243688631, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50421, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8558747707110991, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50423, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7495260192540675, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50388, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.841125370966926, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50419, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9792067607745986, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50380, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9994612239540844, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50390, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9678236427178376, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50403, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8133093874124044, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50411, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9980761146243456, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50440, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.778322465747117, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50437, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9513245590457864, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50397, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9169093286493782, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 50414, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.986875559465868, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50394, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8796379980320526, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50434, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9702095796613037, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50389, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8422110126785458, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50427, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8457768712055491, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50382, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9496372172915218, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50428, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8647353419649066, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50422, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.9087612364284736, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50393, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8910501015159352, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50400, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9184907433476277, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50424, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7542538691551356, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50381, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9907433883705469, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50392, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997143779426744, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50379, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50412, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9951402887164129, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50395, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8726484804235205, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50426, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7953762196208882, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50425, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9921048970580018, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50416, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9104592092717328, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50406, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7568978585660701, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50417, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7042730175980353, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50433, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9632733212855549, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50435, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.873105714454628, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50430, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8681962551264064, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50442, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8752148758264221, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50385, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9992875913993934, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50399, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9838539204974263, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50409, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9495366226425673, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50407, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9602770942633632, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
50436, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8821149566070617, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50402, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9809113790871578, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50387, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.998468546369275, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50410, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8967651727407784, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50441, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9270757817813389, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50418, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9646794577001432, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50386, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7136927693998026, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50443, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6108380006412945, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50383, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5006338457549027, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50429, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7907235975959688, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50438, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9239789628022154, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50398, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9182914273706004, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50420, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.767283507967873, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50404, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9392730278789048, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50405, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9681301705689233, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:44:13.860] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 65|max_alert: 1000 [2025-12-09 20:44:13.860] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:13.860] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:13.860] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:16.728] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24365 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T124416Z&X-Amz-SignedHeaders=host&X-Amz-Signature=6278aa6c73dc628dd02369263893e291126031de31202dbd54bcf41aa112f5ba&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:44:16.728] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:16.729] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:16.729] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:16.729] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:16.729] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:16.730] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:17.065] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl|result:{"code": 1, 
"total_count": 61, "alert_count": 61, "abnormal_count": 61, "normal_count": 0, "timestamp": 1765284256730, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50792, "dest_port": 8000, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51166, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7512951403265733, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51177, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5354534552824174, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51156, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.948290879509835, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51162, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997377851932485, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51151, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7633574238858089, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51184, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.9195032648533846, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51187, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8466657695254306, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51158, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5265485383532306, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9655502120843976, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51153, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9745749820465286, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51174, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9446273934218422, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51183, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6861730168581167, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51146, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9854785328257445, "2_count": 61, "2_sum": 61, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51138, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9641760765735979, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51185, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9022546715208096, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51172, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8024546197843861, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51189, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.958472713306597, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51193, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8928567300960533, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51154, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9734747866495819, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51165, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6665096753534986, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51157, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9445748735491024, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51192, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9438009719535747, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51181, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.702755706367141, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51182, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5938102148400632, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51002, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.748068733977133, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51148, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9203932730820096, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51160, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9314128929048769, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51186, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9635581642153224, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51144, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8098538462318634, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51169, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8934310048997103, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51142, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.960468635468301, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51171, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9536471297601031, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51173, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9552759788013808, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51167, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8664515938337393, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51194, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5213311646560579, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51191, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.811887557182781, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51190, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8731068262857807, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51141, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9512418870031208, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51195, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6626498783770713, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51145, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8893645975551419, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51139, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9808865040596606, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51161, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.8366154777576364, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51170, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9110646816699018, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51168, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9009561348555744, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51178, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9179222834689442, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51152, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7498611959234643, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51143, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9557513945091047, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51163, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8361285582496254, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51188, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7568428360679378, "2_count": 61, "2_sum": 61, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51140, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8382237239026186, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51176, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.884340743592107, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51001, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.37948917450859804, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51179, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9412731360469947, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51180, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9023567285736286, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51175, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7270146464413063, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51147, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9809412803182338, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51149, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9799252394866419, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51155, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9736189018408796, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51164, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6705290598956712, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8377810654749864, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:17.065] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 61|max_alert: 1000 [2025-12-09 20:44:17.065] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:17.065] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:17.065] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:44:19.919] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25120 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251209T124419Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=01c915ea8338abb199600102e3e84caa31874e27e55059e79af2b627dc3d6558&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:44:19.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:19.919] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:19.919] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:19.919] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:19.919] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:19.920] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:20.104] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284259920, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51802, "dest_port": 446, "y_pred": 2, "y_pred_proba_max": 0.886097405910754, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:44:20.104] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:44:20.104] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:20.104] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:20.104] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:23.112] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24366 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T124422Z&X-Amz-SignedHeaders=host&X-Amz-Signature=888484f8b4ff06a2638def9a89f91597d5cbe7c61a1fccf5affc2d68981feb9e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:44:23.112] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:23.112] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:23.112] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:23.112] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:23.112] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:23.112] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:23.310] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284263112, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51144, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.385851583840364, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-09 20:44:23.310] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:44:23.310] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:23.310] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:23.310] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:44:26.326] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25468 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=fe33490bb9aa33fbf522f845dbf2465dd3e16bc41e630d67cf433ec16da18d3a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124425Z"} [2025-12-09 20:44:26.326] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:26.326] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:26.326] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:26.326] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:26.326] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:26.327] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:26.523] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765284266327, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:44:26.523] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:44:26.523] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:29.496] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25121 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl?X-Amz-Date=20251209T124428Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=a7a2c19a7c0de3a420d609df3b46e92cdb84c579b82486616811b51bdce2564b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:44:29.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:29.496] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:29.496] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:29.497] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:29.497] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:29.497] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:29.714] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765284269497, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:44:29.714] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:44:29.714] [DEBUG] 
[tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:32.704] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25122 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T124432Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=26826a2934b8bf1a18a9ec82da69527ab6b93fb2fd43f98605f98ee0fb72998d"} [2025-12-09 20:44:32.704] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:32.704] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:32.704] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:32.704] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:32.704] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:32.704] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:33.031] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl|result:{"code": 1, "total_count": 58, "alert_count": 58, "abnormal_count": 58, "normal_count": 0, "timestamp": 1765284272704, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50592, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.919938353908413, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50578, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.889845462296452, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50575, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7986478039406552, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50589, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7365544804053619, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50585, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9316644775482134, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50607, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8069653158560977, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50569, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6063767129616654, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50573, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8675763574077542, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50603, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7368369160319744, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50567, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9768990598133026, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50609, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.90740063674653, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50611, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8217182321309826, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50574, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7414796880581952, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50565, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9714924852648004, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50614, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8508948820355978, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50584, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.791225018010114, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50599, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.671135920219859, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50604, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8017323717093463, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50613, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9196045126741191, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50598, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8596664763310572, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50605, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.96463189380175, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50579, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7493241478682623, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50564, "dest_port": 
443, "y_pred": 1, "y_pred_proba_max": 0.979878138237713, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50576, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7954543707452366, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50571, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6918064726495353, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50582, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9383541375972156, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50594, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8208361208636802, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50562, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9312415867955829, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50580, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9359445705452927, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50583, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9441908151197304, 
"2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50596, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7162124611716104, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50597, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9345971709002083, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50600, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9651550028374658, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50610, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9266223036688434, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50587, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5539180224437122, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50572, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9534469582439993, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50590, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9682856707084341, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50616, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7905870390891184, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50615, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6732052034793512, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50608, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9361660568638587, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50556, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9353197866531816, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50593, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5881729403931848, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50566, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.751676409440836, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50606, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9860171670689037, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50588, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9157595821356634, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50586, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8923512085977876, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50591, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.981820601558229, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50601, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9555965588491251, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50557, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8929601492059437, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50563, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8128504163826346, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50602, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8964899244708837, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50568, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7921739651929108, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50577, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7341732195130086, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50612, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9405019676738905, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50570, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9419346182555294, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50595, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8251096487589925, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50561, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8167839195440111, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50581, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.932180031220131, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:33.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 58|max_alert: 1000 
[2025-12-09 20:44:33.031] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:33.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:33.031] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:35.926] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24367 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=13e4113f8279bb935eb85029b47f0d25c2c1e30db522b18f49f934b223e9b420&X-Amz-Date=20251209T124435Z"} [2025-12-09 20:44:35.926] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:35.926] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:35.926] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:35.926] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:35.926] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:35.927] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:36.233] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl|result:{"code": 1, "total_count": 54, "alert_count": 54, "abnormal_count": 54, "normal_count": 0, "timestamp": 1765284275927, "module": "anquanchu", "proto": "other", "alerted": true, "details": 
[{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8277621355950366, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51918, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9054689944592235, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51894, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9519440853110971, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51900, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8418888360427375, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51876, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7925632132063418, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51889, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8436825108778546, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51893, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9829687629138733, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51897, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9544300975250505, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51891, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8070400115957211, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51906, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8473257553609099, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51873, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7502206533552567, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51874, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8460661302868131, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51895, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8059558091693106, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51887, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5324072086040366, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51884, "dest_port": 443, 
"y_pred": 1, "y_pred_proba_max": 0.9625488403566037, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51909, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.963953032825009, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51879, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6261750887607981, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51904, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6548978381836824, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51920, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8802703266762615, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7786726705117748, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51915, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8551843048958641, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51881, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7184754516198423, 
"2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51917, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9318026551575844, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51922, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7564844781826281, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51890, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6044335869391539, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51885, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9908302382502571, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51914, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.948035168306694, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51875, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8261131792930604, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51898, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8027970627763823, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51883, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7214030444811316, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51882, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9388900985100046, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6965624929877262, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51919, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6780696022305538, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51871, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9478638588669831, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51878, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8713640140429504, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51899, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7502450849095001, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51903, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9289580438085885, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51921, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7016685223157152, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51913, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8371093589905179, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51892, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9279227404209224, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51880, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.649130574904148, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51888, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5138420994526052, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51907, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9386884144970506, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51872, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9608696409674405, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51896, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9433411412845664, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51908, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.955448540577832, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9743479216674278, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51916, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9766507503225375, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51886, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.980841005367989, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51877, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8997009126260364, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51912, "dest_port": 443, "y_pred": 
1, "y_pred_proba_max": 0.8534501181606403, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51868, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.8033986762067085, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51869, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9711673404775854, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51901, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7452479157167977, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:36.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 54|max_alert: 1000 [2025-12-09 20:44:36.233] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:36.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:36.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:44:39.179] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25469 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124438Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f9f75bed0de28e718877111f9309fdb457aacc4841f91fc085370bd9b8e1524b"} [2025-12-09 20:44:39.179] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:39.179] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:39.179] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:39.179] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:39.179] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:39.180] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:39.496] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl|result:{"code": 1, "total_count": 54, "alert_count": 54, "abnormal_count": 54, "normal_count": 0, "timestamp": 1765284279180, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51580, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9737119891865093, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51561, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6581309600103571, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51594, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9484617157994825, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51570, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9419279010568342, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51584, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9559589451761814, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51600, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6916152562147252, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51588, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.885089535964391, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51597, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7631784044885759, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 51604, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.71147578927388, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51562, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7916109236040738, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51573, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9490978656039605, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51605, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6437818237934595, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51610, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8433999839898527, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51574, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9814468053609373, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51587, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7686805153793731, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51593, "dest_port": 8443, "y_pred": 1, 
"y_pred_proba_max": 0.991389443604995, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51596, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7261974584899389, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51578, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9735920450971155, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51579, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8372136980371361, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51583, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9800693036048761, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51571, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9289093543199546, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51575, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8875063716219491, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51585, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7384483236210801, "2_count": 54, 
"2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51598, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9570188724835563, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51599, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8126934074161527, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51601, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7742112857862967, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51577, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9361303281919923, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51581, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.944473699417598, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51607, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9361360969997798, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51602, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.814723934958539, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51567, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8822918694986474, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51582, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7754980087465008, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51589, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9712372887158539, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51595, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7418300727893348, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51568, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6562078906631288, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51572, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9690767746062029, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51564, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9433931885735131, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51586, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9728301861513698, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51563, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7395770681471727, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51569, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.5992511446137153, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51612, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8850007279815829, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51591, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9248209654087644, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51590, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8527197639076306, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51603, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9097448896182906, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51557, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8824195498393378, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51566, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8489216722000901, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51608, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8829688737120818, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51609, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9487952174939838, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51592, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8659493806101668, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51611, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9716723319493124, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51556, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.751808175597194, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51606, 
"dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.914609316186646, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51576, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9540441271191156, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51565, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8508124373146292, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:39.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 54|max_alert: 1000 [2025-12-09 20:44:39.496] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:39.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:39.496] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:44:42.382] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24368 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=d0e5502784732295e5c86ebaef7c18bff8653442e9cd4c67867b394d4bb7f0c8&X-Amz-Date=20251209T124441Z"} [2025-12-09 20:44:42.382] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:42.382] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:42.382] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:42.382] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:42.382] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:42.382] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:42.697] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl|result:{"code": 1, "total_count": 53, "alert_count": 53, "abnormal_count": 53, "normal_count": 0, "timestamp": 1765284282383, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50832, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.940221618531975, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50878, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9373424384315181, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50842, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9617388295541971, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50856, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9751302757254107, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50857, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9695887280662026, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50866, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8969596285995963, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50873, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9850457432853492, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50838, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.6784866089244911, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50875, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9367907509939358, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50872, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.8564530602377544, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50844, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9788235843300421, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50852, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9560668410442559, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50868, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8964779701043224, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50870, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7973107636235428, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50874, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8470057391050821, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50840, "dest_port": 8843, "y_pred": 1, 
"y_pred_proba_max": 0.909121756354137, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50848, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.803348245572505, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50858, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.849978296664325, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50879, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8521082999512859, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50834, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.8516737925663884, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50855, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7185841080012451, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50841, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.6884866513337922, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50859, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.967100523562462, "2_count": 53, 
"2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50863, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7617313533941001, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50862, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9937770057989308, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50851, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7779135220624269, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50830, "dest_port": 8843, "y_pred": 2, "y_pred_proba_max": 0.922442288715095, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50846, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7023083356979712, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50849, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.499892437194262, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50860, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9219150133695014, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50836, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9407350249279497, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50867, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.6067125106155578, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50882, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8381972479951724, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50839, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.9656826835861532, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50837, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7903666523310198, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50831, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9822612157874431, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50843, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.968022479934361, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50880, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7923830709145896, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50853, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9558619485451724, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50869, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.951485745749508, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50876, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9663894681447874, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50847, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7716188437973387, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50845, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.927910009522291, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50833, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9422587331316291, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50871, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7862094902418666, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50864, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.869571166400963, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50850, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7757844547228879, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50861, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.938673349556075, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50865, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.7670078626367843, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50881, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8741913394135943, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50854, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9454586260599525, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50835, "dest_port": 8843, 
"y_pred": 1, "y_pred_proba_max": 0.9128622502121867, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50877, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9327232184928673, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:42.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 53|max_alert: 1000 [2025-12-09 20:44:42.697] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:42.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:42.697] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:45.591] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25470 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251209T124445Z&X-Amz-Signature=4af00ee533e5be77778362f0ddfb65e990b508e39e41c67b0ba64c9fdf68b1eb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:44:45.591] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:45.591] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:45.592] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:45.592] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 
20:44:45.592] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:45.592] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:45.905] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl|result:{"code": 1, "total_count": 53, "alert_count": 53, "abnormal_count": 53, "normal_count": 0, "timestamp": 1765284285592, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50646, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9641118461262765, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50672, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9810688115489528, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50649, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5383239874292314, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50666, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997260843224112, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50673, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.937751153742365, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50655, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6689034602113877, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50682, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8177423382700567, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50657, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5232888456904898, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50676, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9343660634727488, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50683, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5082062391829633, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50685, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8287299771711815, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50680, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8802106541282002, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50644, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8283425356011436, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50635, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9737688784580472, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50642, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6103722461569957, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50637, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6776288025186553, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50660, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9445602437574558, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50668, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5134120308012482, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50663, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7067645825096874, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50633, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 
0.9079671591062715, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50636, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9995536295453813, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50671, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8702387669933649, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50675, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8727745307985147, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50650, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.99382363353094, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50681, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7097902197024425, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50664, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6884616603203334, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50640, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7671579966557779, "2_count": 53, "2_sum": 53, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50645, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9342997270425343, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50659, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8229279421192818, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50641, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8427099880918058, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50647, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8781541729345593, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50639, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.917736767344109, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50669, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7726250654480546, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50674, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.4902340896659531, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50678, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9988419593111856, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50651, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8095512650075916, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50643, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7856555318291703, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50656, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8589563159901207, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50638, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8977570922051934, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50661, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7447129417251058, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50665, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7288699595814496, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50667, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7691384538709107, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50679, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.4943940948693833, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50684, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.740530058154285, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50677, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8674647486849115, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50653, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8584302255665796, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50658, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.902918826874756, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50634, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9869245476209628, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50654, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8353668835102337, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50662, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5896327402145757, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50670, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.937417907603327, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50652, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9602514456802667, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50648, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5729505431979369, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:45.905] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 53|max_alert: 1000 [2025-12-09 20:44:45.905] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:45.905] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:45.905] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:44:48.763] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24369 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl?X-Amz-Signature=adbcfbc12bf38ecee9c7f17cf4501a71f58ce86d75bd5c8971ce173848e9fc84&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124448Z&X-Amz-Expires=604800"} [2025-12-09 20:44:48.763] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:48.763] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:48.763] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:48.763] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:48.763] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:48.764] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:49.063] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl|result:{"code": 1, "total_count": 48, "alert_count": 48, "abnormal_count": 48, "normal_count": 0, "timestamp": 1765284288764, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50180, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6239031188053099, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 
50197, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9762108077456259, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50200, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9934874610166191, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50207, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.9686844557017092, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50217, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9880513610161671, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50187, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.806158159517571, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50185, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9961190195763644, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50201, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9651975229306475, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50218, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 
0.8004096890480343, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50184, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.661116983350053, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50215, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7246996089996638, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50219, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9760353145312586, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50186, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9783642661335044, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50194, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.7709361598277292, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50204, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6231819735335516, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50213, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9933342726411358, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50177, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9942163921224634, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50181, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9339880623291397, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50208, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8822700743702137, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50176, "dest_port": 801, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50192, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7427955312068172, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50222, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6857809945291523, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50224, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7337563006041925, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50210, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9747483680440946, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50206, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9083240828285978, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50179, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9737269030198793, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50193, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6790809679504902, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50196, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.985442170776326, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50214, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9555626910287899, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50189, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.97065562466958, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50190, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.786565890439424, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50183, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.857979495339769, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50188, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8990992986398794, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50199, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9825499902435425, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50198, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9690248610573996, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50203, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.941406908939013, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50205, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9897769522912672, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50209, "dest_port": 4431, "y_pred": 3, 
"y_pred_proba_max": 0.9923758704121171, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50211, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9940386146033722, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50212, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9897432271926416, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50216, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9651980818592956, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50202, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.952419040512868, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50220, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8520782484713526, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50221, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9642712393074234, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50195, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.5249298205322234, "2_count": 48, "2_sum": 48, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50191, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8037928769566836, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50182, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9774722592890711, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50223, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8840343370639095, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:44:49.063] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 48|max_alert: 1000 [2025-12-09 20:44:49.063] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:49.063] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:49.063] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:44:51.938] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25471 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl?X-Amz-Signature=cae663e69142ecf673618d3934f1c9ed7144c90d3ed49badd265cd33c35a0100&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124451Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:44:51.939] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:51.939] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:51.939] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:51.939] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:51.939] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:51.939] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:52.199] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl|result:{"code": 1, "total_count": 30, "alert_count": 30, "abnormal_count": 30, "normal_count": 0, "timestamp": 1765284291939, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51061, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9205641457381933, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 
51026, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9560092880642167, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51047, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9688302742131891, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51051, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8950631349423487, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51030, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8254072215629482, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51055, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9516714454573676, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51065, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.935310732929676, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51056, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8290982138824224, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51013, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 
0.8632187772619618, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51062, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8897661695608252, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51031, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9835502803818564, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51060, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9056514110802029, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51049, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9212585736117578, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51067, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8470370218277853, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51070, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9726464492584682, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51021, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9448114951710338, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51052, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8180828702811718, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51058, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9678502053188109, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51069, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.955326396937193, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51007, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8072009496464275, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51028, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.909715131386468, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51008, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8197756927678415, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51033, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8000610839703605, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51045, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9179373152081227, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51041, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6026954720387215, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51039, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6854722523821205, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51042, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.48463054170760117, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51034, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9719707751780218, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51038, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9303128613521624, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51063, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9418641735729519, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:52.199] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm 
alert_count: 30|max_alert: 1000 [2025-12-09 20:44:52.199] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:52.199] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:52.199] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:55.066] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25472 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c4164bfc21e3c34f34afbeca2ae2d56b3fd6482979b6cbd36641b0b68b3e5f4e&X-Amz-Date=20251209T124454Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:44:55.066] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:55.066] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:55.066] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:55.066] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:44:55.066] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:55.067] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:55.248] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl|result:{"code": 1, 
"total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284295067, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "10.0.4.15", "dest_ip": "111.53.218.171", "protocol": 6, "src_port": 3389, "dest_port": 6945, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:55.248] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:44:55.248] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:55.248] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:55.248] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:44:58.259] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25123 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d970464af3b13b8301b3a93233d445b6c242696bc2679cc1f0bf9e8ac5d2db0f&X-Amz-Date=20251209T124457Z"} [2025-12-09 20:44:58.259] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:44:58.259] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:44:58.259] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:44:58.259] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load 
[2025-12-09 20:44:58.259] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:44:58.259] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:44:58.554] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl|result:{"code": 1, "total_count": 39, "alert_count": 39, "abnormal_count": 39, "normal_count": 0, "timestamp": 1765284298259, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50870, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9086575410978172, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50873, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9090169118897937, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50865, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9443660054268475, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50881, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.6898060834333194, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50864, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8809978118007479, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50889, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.671387251971141, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50868, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9990665065455986, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50878, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8731125180512054, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50886, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9668897410238606, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50875, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9358468101055922, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50853, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7937381837266143, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50867, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9132920345752669, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50871, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7527580591573758, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50854, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9857363225232365, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50859, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.894803093088593, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50887, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9467921846697748, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50866, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9987079820963567, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50852, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.9385449940053762, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50888, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7256314247788201, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50861, "dest_port": 8989, 
"y_pred": 1, "y_pred_proba_max": 0.8547055283695889, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50869, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.5339762245236795, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50855, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7966402524077407, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50879, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8375426995319284, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50883, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7328029930638451, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50858, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8276649262363052, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50851, "dest_port": 8989, "y_pred": 2, "y_pred_proba_max": 0.6440316826323339, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50862, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9286163056869917, 
"2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50863, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8180493334619071, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50856, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9669498006426231, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50877, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9252905224143253, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50880, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8254816128367551, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50885, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8115223141513391, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50857, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9685162436371995, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50860, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.858244580549359, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50872, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.942413063339364, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50874, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9880361204216129, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50876, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9144480779556886, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50884, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8232839041969212, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50882, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8932607779518871, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:44:58.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 39|max_alert: 1000 [2025-12-09 20:44:58.554] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:44:58.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:44:58.554] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:01.504] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25473 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl?X-Amz-Signature=9f8707e1ebfca3ec4938fae4f188236991121f9037da2bd99cd2e50bdb38b10d&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124500Z"} [2025-12-09 20:45:01.504] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:01.504] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:01.504] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:01.504] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:01.504] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:01.505] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:01.813] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl|result:{"code": 1, "total_count": 37, "alert_count": 37, "abnormal_count": 37, "normal_count": 0, "timestamp": 1765284301505, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50129, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.971489924590687, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50118, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.6992374941806302, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50098, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.5701729000730629, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50122, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.6108532678298093, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50104, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.6648515753386599, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50085, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7791330281890387, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50134, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.9062006682329576, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50096, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.763965145813108, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50135, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7893572845930441, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50084, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8586693325546743, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50132, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.898687781095084, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50114, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8497999090339813, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50105, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7309422771877541, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50128, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9750176660170545, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50112, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.871951138483863, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50106, "dest_port": 8989, "y_pred": 1, 
"y_pred_proba_max": 0.7748149765103765, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50131, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9834435147479796, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50110, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9820896648045526, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50108, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9850268387987403, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50102, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8261123446443487, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50100, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.718841551205348, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50119, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7618168787715726, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50125, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9672233464087546, "2_count": 37, 
"2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50133, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7589125672099128, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50113, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9614773607185583, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50116, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9835429257678272, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50120, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8150620872747658, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50115, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8716565470654023, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50099, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7069786763221791, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50123, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.926987155332866, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50124, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.48181535099249023, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50127, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9616256332792846, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50103, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7372820449317844, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50107, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9119420401499598, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50121, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9794226439786593, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50126, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8599087575066164, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50117, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9001571335137907, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} 
[2025-12-09 20:45:01.813] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 37|max_alert: 1000 [2025-12-09 20:45:01.813] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:01.813] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:01.813] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:45:04.747] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24370 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=35b491b922d6d83d4931bfc9b8e9c7f92b68c9df7e5dc2fd4363900e77150ca2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124504Z&X-Amz-Expires=604800"} [2025-12-09 20:45:04.747] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:04.747] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:04.748] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:04.748] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:04.748] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:04.748] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:05.019] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl|result:{"code": 1, "total_count": 36, "alert_count": 36, 
"abnormal_count": 36, "normal_count": 0, "timestamp": 1765284304748, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51279, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.697213254272969, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51299, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8033918042907015, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51292, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8048179635237208, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51275, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5730388340899024, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51286, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5388659552682039, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51297, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9425762063272859, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51293, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9202367310757953, "2_count": 36, "2_sum": 36, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51282, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.816204846088684, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51294, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8322252172723574, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51305, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5607299303308504, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51306, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9501611942025454, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51300, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5166475614544926, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51303, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7604554484682853, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51301, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7410487246950258, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51302, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5093779860895955, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51288, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8145941636711616, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51277, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7948467704035493, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51296, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9000842505438266, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51278, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9563526221548122, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51274, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8701115566486514, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51272, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8040866000370863, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51271, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.6116856652489504, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51285, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.69140607612642, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51281, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9584660158262098, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51298, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8160288908736042, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51304, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7866268078941436, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51291, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9629547323162946, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51280, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8923640010871082, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51276, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6239073558624315, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51284, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5507294747419299, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51287, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7358911790338485, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51273, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5028057287952507, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51295, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5215912729198179, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51283, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8381916295656497, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51290, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9706816042985499, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51289, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.7353155228033567, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:45:05.019] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 36|max_alert: 1000 [2025-12-09 20:45:05.019] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:05.019] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:05.019] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:45:07.934] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25474 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl?X-Amz-Date=20251209T124507Z&X-Amz-Expires=604800&X-Amz-Signature=bcf52d79377f9064e3021de558a849929423d4f07a38a8b87ddd2d921c84ce7d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-09 20:45:07.934] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:07.934] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:07.934] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:07.934] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:07.934] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:07.935] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:08.272] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl|result:{"code": 0, "total_count": 62, "alert_count": 0, "abnormal_count": 0, "normal_count": 62, "timestamp": 1765284307935, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:45:08.272] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:45:08.272] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:11.136] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25124 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl?X-Amz-Signature=d0524b46e9d16ef8681036ee4ef0ced6eefca10cac9b46563a83656cab64dc8e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124510Z&X-Amz-Expires=604800"} [2025-12-09 20:45:11.136] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:11.136] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:11.137] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:11.137] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:11.137] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:11.137] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:11.321] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284311137, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49307, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8617739498778506, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:11.321] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:45:11.321] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:11.321] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:11.321] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:14.247] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25125 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl?X-Amz-Signature=a4fff85f64c82f8ef7a06729f711c2c5025909eba6e8568cc20f9bb58ba2d07e&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124513Z"} [2025-12-09 20:45:14.247] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:14.247] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:14.248] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:14.520] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl|result:{"code": 1, "total_count": 109, "alert_count": 109, "abnormal_count": 109, "normal_count": 0, "timestamp": 1765284314248, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49541, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49591, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49562, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49554, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49567, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49563, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49574, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49594, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 49596, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49598, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49566, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49558, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49599, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49601, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49546, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49602, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49605, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49552, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49607, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49608, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49532, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49549, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49550, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49551, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49613, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49625, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49557, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49533, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49548, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49560, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49586, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49600, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49559, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49538, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49528, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49610, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49624, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49569, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49578, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49519, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49589, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49537, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49580, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49582, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49587, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49604, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49622, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49564, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49617, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49547, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49576, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49572, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49606, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49612, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49616, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49620, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49523, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49526, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49536, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49540, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49531, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49556, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49618, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49621, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49609, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49520, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49597, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49619, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49542, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49518, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49543, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49592, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49583, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49593, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49553, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49584, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49623, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49611, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49527, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49545, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49615, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49590, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49561, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49529, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49555, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49570, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49588, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49525, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49573, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49595, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49568, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49603, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49579, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49565, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, 
"2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49614, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49571, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49517, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49521, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49530, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49575, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49577, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49534, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49539, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49524, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49535, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49544, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49581, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49585, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49522, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:45:14.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 109|max_alert: 1000
[2025-12-09 20:45:14.521] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:45:14.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:45:14.521] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:45:17.406] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24371 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f4784eaf316718e179250a14f3d4dab56f35bc8c8ee23957bd322bebe6e31f5b&X-Amz-Date=20251209T124516Z"}
[2025-12-09 20:45:17.406] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:45:17.406] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:45:17.406] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:45:17.406] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:45:17.406] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:45:17.406] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:45:17.713] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl|result:{"code": 1, "total_count": 50, "alert_count": 50, "abnormal_count": 50, "normal_count": 0, "timestamp": 1765284317406, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55771, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6655183778486636, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55740, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9509407523399885, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55757, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9018609776120557, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55762, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8060050992110214, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55765, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8082570629330488, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55751, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9351000623192666, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55753, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8178530026045628, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55770, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7055188686634016, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55766, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9468432560671992, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55737, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8840195900392837, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55763, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8547033520287153, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55782, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9993492786899891, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55750, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8727883999793692, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55755, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8824175204655595, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55776, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.7232195385080333, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55739, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9997332986261173, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55773, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8885705905332233, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55733, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55761, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9753706230958025, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55764, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9660669788621685, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 55748, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6553977800336624, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55779, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9070342448971367, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55743, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7833432637781245, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55778, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.923758062268316, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55741, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9033748237310683, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55781, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.959363640939148, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55783, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5697049142736668, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55775, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.76283701400971, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55777, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6380647408091236, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55742, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9612191579263706, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55747, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8117216190323515, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55772, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9055197784060736, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55784, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9018141460896643, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55756, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9980108617979756, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55785, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8418988134805507, "2_count": 50, "2_sum": 50, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55746, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9995514046067615, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55769, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6814547457880828, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55734, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9978528130042571, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55745, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7952068747971088, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55744, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9089855773967718, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55758, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5598510653754684, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55754, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9585970583298099, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55767, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9247928845915304, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55749, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9383670757759202, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55780, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8676978242202457, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55738, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.81096133653845, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55760, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.97975456793738, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55768, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9642452890491118, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55752, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8317932220150451, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 55774, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8799044260825759, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:17.713] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 50|max_alert: 1000 [2025-12-09 20:45:17.713] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:17.713] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:17.713] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:45:20.564] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24372 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl?X-Amz-Date=20251209T124520Z&X-Amz-Expires=604800&X-Amz-Signature=1384998bba8c31eb6a9ce3207173234a2a3525474bc8265faedf17ecf4b61497&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:45:20.564] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:20.564] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:20.564] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:20.564] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:20.564] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:20.564] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 
20:45:20.894] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl|result:{"code": 0, "total_count": 58, "alert_count": 0, "abnormal_count": 0, "normal_count": 58, "timestamp": 1765284320564, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-09 20:45:20.894] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-09 20:45:20.894] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:23.766] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25475 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124523Z&X-Amz-Expires=604800&X-Amz-Signature=4509e359573f58da998bc53928abfebbd8759e4f37202e1e41959f432008a02f"} [2025-12-09 20:45:23.766] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:23.766] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:23.766] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:23.766] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:23.766] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:23.767] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:23.957] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284323767, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49306, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.4204794871996367, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:23.957] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:45:23.957] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:23.957] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:23.957] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:26.958] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24373 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl?X-Amz-Signature=5b4b895c305810b576213c3ace1c7bf7457f9ca3c6f263111311a0b993fe39d4&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124526Z"} [2025-12-09 20:45:26.958] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:26.958] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:26.958] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:26.958] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:26.958] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:26.958] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:27.156] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284326959, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49306, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.4204794871996367, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:27.156] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:45:27.156] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:27.156] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:27.156] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:45:30.133] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25126 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl?X-Amz-Date=20251209T124529Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=5db283c1d03089e7359da47366a020cdb491a98a71b63012dc77598074a51519&X-Amz-Expires=604800"} [2025-12-09 20:45:30.133] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:30.133] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:30.133] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:30.133] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:30.133] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:30.133] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 
[2025-12-09 20:45:30.319] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284330134, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49307, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8617739498778506, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:30.319] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:45:30.319] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:30.319] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:30.319] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:33.264] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25476 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl?X-Amz-Signature=b2d98a0dafce9fa3117f5c135c9dc01d2e77013e730b709d641dd809f2b496c2&X-Amz-Date=20251209T124532Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:45:33.264] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:33.264] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:33.264] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:33.265] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:33.265] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:33.265] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:33.548] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl|result:{"code": 1, "total_count": 116, "alert_count": 116, "abnormal_count": 116, "normal_count": 0, "timestamp": 1765284333265, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57847, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 57777, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57795, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57770, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57797, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57826, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57813, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57760, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57837, "dest_port": 8888, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57775, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57773, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57793, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57733, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57756, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57805, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57801, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57825, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57843, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57788, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57851, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57767, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57778, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57746, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57848, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57791, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57779, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57799, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57755, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57796, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57741, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57745, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57766, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57749, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57816, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57765, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57818, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57824, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 57794, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57838, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57833, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57737, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57783, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57786, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57842, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57807, 
"dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57829, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57790, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57804, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57734, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57798, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57819, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57831, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57845, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57834, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57782, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57774, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57748, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57811, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57841, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57849, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57839, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57762, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57758, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57753, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57810, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57761, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57806, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57740, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57820, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57830, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57853, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57757, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57754, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57812, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57835, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57844, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57846, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57763, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57744, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57759, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 57784, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57789, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57738, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57827, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57752, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57771, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57836, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57780, "dest_port": 8888, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57769, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57776, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57815, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57850, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57750, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57747, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57792, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57739, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57814, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57764, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57772, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57781, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57803, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57809, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57821, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57832, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57751, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57817, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57800, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57828, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57822, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57787, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57768, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57743, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57852, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57840, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57742, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57785, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 
20:45:33.548] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 116|max_alert: 1000 [2025-12-09 20:45:33.548] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:33.548] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:33.548] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:45:36.418] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25127 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl?X-Amz-Signature=002116b2090266cf8cef2645eabcf23286b5e9d291f959cbe85a45315e2f6304&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124535Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:45:36.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:36.418] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:36.418] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:36.418] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:36.418] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:36.418] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:36.768] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl|result:{"code": 1, "total_count": 53, "alert_count": 53, "abnormal_count": 53, "normal_count": 0, 
"timestamp": 1765284336418, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55297, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8146611049703795, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55306, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8143541343744756, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55325, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.675353970758618, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55278, "dest_port": 801, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55307, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9699255769571519, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55324, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9288239754896603, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55354, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.4887603345685281, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55327, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5218291895701854, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55331, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9757889719490143, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55355, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7900698753293837, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55300, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9253676240794698, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55309, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9995285530278931, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55292, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6870128355777025, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55317, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9965954908729969, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 55318, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7996175642589001, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55323, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9172168534471582, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55280, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9616723266915252, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55319, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997402028824827, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55316, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9993601422373508, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55315, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9974889058343238, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55322, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7152284451674374, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55312, "dest_port": 443, 
"y_pred": 3, "y_pred_proba_max": 0.8695374059769033, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55326, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8629755804593437, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55321, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9607788471748037, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55329, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.898154187654644, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55332, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6472111569418415, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55313, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8368993020193161, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55296, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.634707452375565, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55333, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9050873831964785, "2_count": 53, "2_sum": 
53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55308, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6083067231669342, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55338, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8478838248127611, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55356, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9304468765265574, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55359, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7598806437688925, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55360, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7385442222169135, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55361, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8100636450598144, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55335, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7619847586181452, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55320, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7222691593715134, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55362, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9238174769152541, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55294, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7680481978959787, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55298, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9111846607312254, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55299, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6630038430357242, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55301, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8435108728323177, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55310, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9188646387493684, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 55303, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7274823559003951, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55357, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9509454514053891, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55295, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.58448572041036, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55311, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9048639331269192, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55336, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9753992331683569, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55314, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8821411186076509, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55328, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6413131103626841, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55305, "dest_port": 443, 
"y_pred": 3, "y_pred_proba_max": 0.8149549171125912, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55330, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9401059486703537, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55302, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9989212555670739, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:45:36.768] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 53|max_alert: 1000 [2025-12-09 20:45:36.768] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:36.768] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:36.768] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:39.610] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25477 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl?X-Amz-Date=20251209T124539Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=b8b9f17c42e374fd7ca22575cc7fde88751b7216fbb577503af8c3160dcb8738"} [2025-12-09 20:45:39.610] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:39.610] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:39.611] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:39.611] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:39.611] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:39.611] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:39.877] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl|result:{"code": 1, "total_count": 34, "alert_count": 34, "abnormal_count": 34, "normal_count": 0, "timestamp": 1765284339612, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49416, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8977734259902608, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 49431, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9879095090279174, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49415, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9960597405930346, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49402, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49428, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9789474563902498, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49410, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8960318461895338, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49432, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9897524532255348, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49404, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8738856328220531, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49421, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.9843258939230892, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49412, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7287212600764338, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49429, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9414075686129025, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49407, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9920884466485065, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49425, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9861893046876741, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49411, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5107493027664829, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49403, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5873185016117867, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49414, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.985621236830855, "2_count": 34, "2_sum": 34, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49423, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9149301584920053, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49408, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9962526329265244, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49424, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9980392432811638, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49417, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9793530095856338, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49422, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.777313846751963, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49434, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7984059578276932, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49435, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9549480056083078, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49420, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9904248798312952, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49406, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9650048578752779, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49405, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8850974462990425, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49419, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9282945322195262, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49430, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9830939982448673, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49409, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6663949489576614, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49413, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9899980533553896, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 49433, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9950217496004972, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49426, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7984125433015188, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49427, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9777739228855149, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49418, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.6603091940974719, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:45:39.877] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 34|max_alert: 1000 [2025-12-09 20:45:39.877] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:39.877] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:39.877] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:42.759] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25128 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=68e3bfafbd53bcab0e0e517c1569360173139d8ee8922d5bd8b23d7e0308768a&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124542Z"} [2025-12-09 20:45:42.760] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:42.760] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:42.760] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:42.760] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:42.760] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:42.760] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:43.039] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl|result:{"code": 1, "total_count": 39, "alert_count": 39, "abnormal_count": 39, "normal_count": 0, "timestamp": 1765284342760, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50144, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9862418834056705, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
50117, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9623146129936638, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50124, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9242587761522965, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50142, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8851627978662158, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50145, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7669729837863496, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50127, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9973909769577917, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50139, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6934389090137082, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50110, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50114, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 
0.9538442524972903, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50137, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9623293435846844, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50143, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9748573010572472, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50123, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9843862542947249, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50134, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6014279665449264, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50121, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.769716356414822, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50135, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.885018937516398, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50140, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9585828459699253, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50125, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8365610239947199, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50113, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9208958486363774, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50119, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8020318674320587, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50132, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8533990439229215, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50136, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8593241123225765, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50126, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.65550115738094, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50120, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5681234747612016, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50111, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.973242883735073, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50150, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5901932017800697, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50133, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7195574535556031, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50138, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8043869189222252, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50122, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9179650129979977, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50130, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8694926787112048, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50141, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8624661631950974, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 
6, "src_port": 50116, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9229804239986547, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50128, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9394904623337497, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50146, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7348213289332016, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50147, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9601712092562372, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50148, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5851909677803341, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50118, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8564512116079878, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50131, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8872084155295791, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50149, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.9414386296593856, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50115, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7354945951160314, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:43.039] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 39|max_alert: 1000 [2025-12-09 20:45:43.039] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:43.039] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:43.039] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:45:45.882] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24374 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124545Z&X-Amz-Signature=e2ab060dcd5b6d31de1512f7c95e5aab4c6f2b1f0173e70d821031d86a50c54e"} [2025-12-09 20:45:45.882] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:45.882] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:45.883] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:45.883] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 
20:45:45.883] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:45.883] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:46.173] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl|result:{"code": 1, "total_count": 96, "alert_count": 96, "abnormal_count": 96, "normal_count": 0, "timestamp": 1765284345883, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50254, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50251, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50241, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50327, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50256, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50260, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50315, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50257, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50323, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50298, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50300, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50285, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50261, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50274, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50282, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50279, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50293, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50302, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50263, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50308, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50269, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50311, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50297, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50253, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50264, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50301, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50250, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50294, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50306, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50314, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50252, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50319, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50236, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50248, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50295, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50246, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50328, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50240, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50247, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50288, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50310, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50303, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50243, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50276, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50326, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50242, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50272, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50321, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50234, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50296, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50235, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50265, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50238, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50245, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50233, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50258, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50271, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50304, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50278, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50287, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50262, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50283, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50307, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50318, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50320, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50322, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50324, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50239, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50289, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50249, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50270, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50275, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50281, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50267, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50244, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50237, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50268, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50286, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50280, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50309, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50312, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50317, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50284, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50277, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50292, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50273, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50316, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50305, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50325, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50266, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50290, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50259, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50291, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50313, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50299, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50255, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:45:46.173] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 96|max_alert: 1000 [2025-12-09 20:45:46.173] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:46.173] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:46.173] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:49.042] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25129 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251209T124548Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f23a684f5c62a56cd52becf2df0a0d3156fffdb54784b3902acc6359f0458d8a"} [2025-12-09 20:45:49.042] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:49.042] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:49.042] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:49.042] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:49.043] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:49.043] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:49.311] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl|result:{"code": 1, "total_count": 35, "alert_count": 35, "abnormal_count": 35, "normal_count": 0, "timestamp": 1765284349043, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50300, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9707611412282701, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50292, 
"dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9386592534090326, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50272, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9838488974032207, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50278, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9397747038281943, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50282, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.974310735099855, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50277, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8832299079536802, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50288, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.952836068439696, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50289, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.6570528504319809, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50296, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 
0.9077050344805543, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50301, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8930416725214173, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50274, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9640399471459202, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50294, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9723990766268941, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50284, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9834065790164822, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50297, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7320739356543786, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50298, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9474021747800131, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50287, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9681575201664929, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50275, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9614753378861609, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50290, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9861391818932039, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50302, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9738030835772703, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50279, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9292933318816733, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50271, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8569770965099369, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50286, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8168968561587813, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50293, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9307814544235502, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50299, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9728510000693305, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50270, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.6010970902371278, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50303, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8983756854521493, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50304, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.9593849054731214, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50276, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8707429375970004, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50285, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7376398959463499, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50291, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9305046562466724, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50295, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9621922064913903, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50280, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8820614619621302, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50269, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50273, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9929237084987669, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50281, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8909460095816071, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:49.312] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 35|max_alert: 1000 [2025-12-09 20:45:49.312] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:49.312] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:49.312] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:52.180] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24375 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124551Z&X-Amz-Signature=7dc31bd504d8ca51b35e4162bc9240dff7ae8657f417412d39b99786b1bd4ac9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:45:52.180] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:52.180] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:52.181] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:52.181] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:52.181] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:52.182] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:52.441] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl|result:{"code": 1, "total_count": 31, "alert_count": 31, "abnormal_count": 31, "normal_count": 0, "timestamp": 1765284352182, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50352, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9874254190089017, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, 
"src_port": 50327, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8869933406632555, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50331, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.7203337938303351, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50334, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.6838444534453724, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50342, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9769616947938528, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50345, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6674409992814986, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50330, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.560528644405597, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50338, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7391651124340441, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50326, "dest_port": 4431, "y_pred": 1, 
"y_pred_proba_max": 0.7322310277730321, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50332, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.6821708268644608, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50344, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.950390309105381, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50328, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9884984979672615, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50333, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9679087347025512, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50336, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9734887474147849, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50322, "dest_port": 801, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50348, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9548177269286058, "2_count": 31, "2_sum": 31, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50349, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9494387905087678, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50341, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.5902493488581578, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50347, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.5597433793220172, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50323, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9968518882025452, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50335, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9472690167162696, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50329, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8641107939826398, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50350, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9180016533632116, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50346, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.8901446468750992, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50343, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9054440897593908, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50339, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9379938882115066, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50325, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.9064094615639897, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50324, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9712408078529797, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50340, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7006360426155985, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50351, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.718280210835543, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50337, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.93700408935413, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:52.441] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 31|max_alert: 1000 [2025-12-09 20:45:52.441] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:52.441] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:52.441] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:45:55.338] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25130 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124554Z&X-Amz-Signature=5a532577cb8ba22e0b292c9ca0fc946fba1edb60b617e0715008801130988874&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:45:55.338] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:55.338] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:55.338] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:55.338] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:55.338] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:55.339] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:55.600] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl|result:{"code": 1, "total_count": 32, "alert_count": 32, "abnormal_count": 32, "normal_count": 0, "timestamp": 1765284355339, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49472, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9247291725687193, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49476, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9937258154943753, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49483, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8918792605099181, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49488, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5033989304692638, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49496, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9818744764605243, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49487, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9869312816282917, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49492, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7780430822961274, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49471, "dest_port": 9443, "y_pred": 2, "y_pred_proba_max": 0.5067881381109904, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49479, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7061869992419909, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49473, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7655400941889741, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49498, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9324303379152458, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49495, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5532942730910129, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49481, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9021868532077724, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 49477, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.96489194713486, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49490, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9897713863708071, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49489, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9578843636924549, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49478, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8367971063820575, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49491, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6805803481585718, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49484, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5586635692190988, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49493, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8590629490787889, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49468, "dest_port": 80, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49469, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.763841655546708, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49485, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6438109518094741, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49494, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9757335423592094, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49499, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9916241126439433, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49474, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9795009241987906, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49482, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8823982943430101, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49497, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.7916152190699269, "2_count": 32, 
"2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49480, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6687453382096504, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49470, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5689264753531595, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49475, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6560431069838787, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49486, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9827192990135268, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:45:55.600] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 32|max_alert: 1000 [2025-12-09 20:45:55.600] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:55.600] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:55.600] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:45:58.529] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25131 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124558Z&X-Amz-Expires=604800&X-Amz-Signature=2c66347296455d04c010cf036c75ab24ca23e2d1dc22c651045c50c8d77e5a5c&X-Amz-SignedHeaders=host"} [2025-12-09 20:45:58.529] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:45:58.529] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:45:58.529] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:45:58.529] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:45:58.529] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:45:58.529] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:45:58.775] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl|result:{"code": 1, "total_count": 27, "alert_count": 27, "abnormal_count": 27, "normal_count": 0, "timestamp": 1765284358530, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49687, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.8463011223715704, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49688, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8863287961258146, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49702, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6912577432184575, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49705, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7279337551503361, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49695, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9812914665164227, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49706, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9565131116524406, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49708, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9624053348835331, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49712, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5536624171743886, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49701, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7777338644529034, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49699, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5859810836293833, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49697, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8021862728062334, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49690, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8504247943134287, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49698, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6471179667415962, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49694, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9792333460775875, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49692, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.863590216048175, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49700, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.5890380171341887, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49696, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8604017898140981, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49704, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7332175634242091, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49707, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7552712894918965, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49710, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.770427916560952, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49711, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9201668754843005, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49714, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8580192844596732, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49715, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.661000868654204, "2_count": 27, "2_sum": 27, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49716, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8065674765718964, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49709, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8472000570458984, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49713, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.712524047039068, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49703, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7704871258264674, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:45:58.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 27|max_alert: 1000 [2025-12-09 20:45:58.775] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:45:58.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:45:58.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:01.698] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25478 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124601Z&X-Amz-SignedHeaders=host&X-Amz-Signature=7e92098014b0ca729cdebc5dafd266fb3697846df653a962005951fde2b16615&X-Amz-Expires=604800"} [2025-12-09 20:46:01.698] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:01.698] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:01.699] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:01.699] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:01.699] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:01.699] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:01.961] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl|result:{"code": 1, "total_count": 31, "alert_count": 31, "abnormal_count": 31, "normal_count": 0, "timestamp": 1765284361700, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49463, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9876488757035718, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 49464, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9389914042542012, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49447, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.732963176082023, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49450, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9954412186491702, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49462, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9986736503860718, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49453, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7005617694456704, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49440, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6496558237151077, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49452, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.42074736572541055, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49454, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.9212576579943165, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49446, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6905798428705913, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49443, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999346293867044, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49457, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9746609856782628, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49465, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7470505384999679, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49460, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9695739346021492, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49439, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7446922374114299, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49467, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.968124964484979, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49438, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9438490810364881, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49456, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9531576716305213, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49466, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9671490983896524, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49458, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6033923398197748, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49437, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49448, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9921699705271048, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49442, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9639981148533279, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49444, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9620602895540348, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49451, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.908399226558267, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49449, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6132770873825546, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49445, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9595248096831862, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49459, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.49856242078495383, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49461, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9810655882106577, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49455, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.987076687453493, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
49441, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9672340479327698, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:46:01.961] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 31|max_alert: 1000 [2025-12-09 20:46:01.961] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:01.961] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:01.961] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:46:04.809] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25132 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl?X-Amz-Signature=24ff717b70b5c474243a42f18107d496ca7ea90185b75d39965ea8c9ce403515&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124604Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:46:04.809] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:04.809] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:04.809] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:04.809] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:04.809] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:04.810] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:05.076] [DEBUG] [tid:130855398528704] 
(AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl|result:{"code": 1, "total_count": 95, "alert_count": 95, "abnormal_count": 95, "normal_count": 0, "timestamp": 1765284364810, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53623, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53688, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53642, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53650, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53665, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53695, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53696, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53668, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53634, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53625, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53664, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53613, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53622, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 53627, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53617, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53689, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53611, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53690, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53692, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53618, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53603, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53659, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53697, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53685, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53607, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53647, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53637, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53631, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53628, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53669, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53676, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53654, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53644, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53655, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53682, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53624, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53651, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53610, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53639, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53641, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53672, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53652, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 53667, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53680, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53656, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53635, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53691, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53629, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53604, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53643, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53662, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53630, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53638, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53619, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53646, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53606, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53663, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53666, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53658, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53679, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53636, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53671, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53686, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53615, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53626, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53681, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53683, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53675, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53608, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53633, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53678, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53653, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53614, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53605, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53687, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53674, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53645, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 53640, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53632, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53612, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53620, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53677, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53684, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53660, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53694, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53609, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53661, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53616, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53649, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53673, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53693, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53657, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53648, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53621, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:05.076] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 95|max_alert: 1000 [2025-12-09 20:46:05.076] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:05.076] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:05.076] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:07.929] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24376 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=fc8ee7fd3e052569b54191341b81d08ea7e3261dc4829fac73befce4dcb41e28&X-Amz-Date=20251209T124607Z"} [2025-12-09 20:46:07.929] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:07.929] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:07.929] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:07.929] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:07.929] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:07.930] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:08.226] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl|result:{"code": 1, "total_count": 90, "alert_count": 90, "abnormal_count": 90, "normal_count": 0, "timestamp": 1765284367930, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52024, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52033, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52059, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52075, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52090, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52045, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52034, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52072, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52044, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52107, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52080, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52085, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52104, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52071, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52081, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52052, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52051, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52082, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52022, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52029, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52054, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52064, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52074, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52079, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52088, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52093, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52097, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52109, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52103, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52073, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52032, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52055, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52087, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52041, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52046, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52101, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52106, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52077, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52040, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52050, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52026, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52063, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52095, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52102, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52031, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52043, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52058, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52056, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52039, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52094, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52028, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52025, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52020, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52057, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52035, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52066, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52083, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52038, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52021, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52030, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52047, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52076, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52089, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52048, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52100, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52067, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52108, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52096, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52105, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52062, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52092, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52099, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52049, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52037, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52098, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52061, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52023, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52065, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52068, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52084, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52086, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52036, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52091, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52078, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52069, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52070, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52027, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52053, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52042, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52060, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:08.226] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 90|max_alert: 1000 [2025-12-09 20:46:08.226] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:08.226] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:08.226] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:11.159] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24377 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f376447ed3cd181c4f5d560502e85b957f3b4409519cdf1241bddfcfde6b6793&X-Amz-Date=20251209T124610Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:46:11.160] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:11.160] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:11.160] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:11.160] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:11.160] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:11.160] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:11.345] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284371160, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49298, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8750513333759599, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:46:11.345] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:46:11.345] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:11.345] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:11.345] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:46:14.327] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24378 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1ab1006bbcc608df8c910da1bfc3f1c93203cc8fd227cc0433e4998db888845e&X-Amz-Date=20251209T124613Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-09 20:46:14.327] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:14.327] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:14.328] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:14.328] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:14.328] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:14.328] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:14.514] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284374328, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49298, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8750513333759599, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:46:14.514] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:46:14.514] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:14.514] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:14.514] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:17.501] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25479 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124617Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=aebe0aa8d3844722b386f66bf4b08eedb0e64aa538d3951682341c8c4482a488"} [2025-12-09 20:46:17.501] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:17.501] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:17.501] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:17.501] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:17.501] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:17.501] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:17.691] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284377502, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49297, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6066608043383468, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:46:17.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:46:17.691] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:17.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:17.691] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:46:20.677] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25480 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl?X-Amz-Date=20251209T124620Z&X-Amz-Expires=604800&X-Amz-Signature=0b77a8f82d1fb8c690e2ff418639bb7fb76a7787e8df0eb0c755ec951ec37b74&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-09 20:46:20.677] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:20.677] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:20.677] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:20.677] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:20.677] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:20.677] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:20.863] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284380678, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49297, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6066608043383468, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:46:20.863] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:46:20.863] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:20.863] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:20.863] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:23.793] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25481 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2381bfc71ab72f9277b59dd85f506e27c1488b9de23edfb496b27ff0578626f1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124623Z&X-Amz-Expires=604800"} [2025-12-09 20:46:23.793] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:23.793] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:23.793] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:23.793] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:23.793] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:23.794] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:24.060] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl|result:{"code": 1, "total_count": 95, "alert_count": 95, "abnormal_count": 95, "normal_count": 0, "timestamp": 1765284383794, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54100, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 54106, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54166, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54182, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54156, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54103, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54098, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54146, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54157, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54118, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54108, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54120, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54136, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54138, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54184, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54101, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54110, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54097, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54129, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54148, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54179, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54185, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54115, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54125, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54147, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54174, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54094, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54124, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54167, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54164, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54152, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54121, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54093, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54131, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54104, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54153, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54102, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54175, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54172, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54177, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54150, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54163, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54155, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54096, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54095, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54151, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54173, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54176, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54170, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54187, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54144, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54181, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54137, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54113, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54116, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54135, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54107, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54109, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54117, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54140, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54162, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54105, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54134, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54149, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54126, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54143, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54165, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54119, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54111, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54127, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54158, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54112, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54128, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54132, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54159, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54099, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54122, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54154, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54180, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54183, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54178, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54130, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54171, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54161, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54160, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54123, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54186, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54133, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54139, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54142, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54141, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54145, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54168, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54169, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54114, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:24.060] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 95|max_alert: 1000 [2025-12-09 20:46:24.060] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:24.060] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:24.060] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:46:26.911] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24379 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124626Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bcfa2992c276cd1fdb4610309684f447138b2e7e61d4decc84b3c2ec6724c562"} [2025-12-09 20:46:26.911] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:26.911] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:26.911] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:26.911] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:26.911] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:26.912] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:27.166] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl|result:{"code": 1, "total_count": 83, "alert_count": 83, "abnormal_count": 83, "normal_count": 0, "timestamp": 1765284386912, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49260, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49243, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49300, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49229, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49234, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49256, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49244, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49251, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49254, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49226, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49272, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49258, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49288, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49289, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49231, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49302, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49275, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49287, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49242, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49291, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49308, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49279, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49266, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49227, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49264, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49252, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49253, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49235, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49246, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49230, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49255, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49271, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49249, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49265, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49274, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49283, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49280, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49295, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49241, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49245, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49259, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49305, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49233, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49240, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49247, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49248, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49236, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49294, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49277, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49290, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49301, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49293, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49276, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49297, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49262, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49239, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49285, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49282, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49238, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49257, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49261, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49286, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49303, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49304, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49263, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49228, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49268, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49250, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49278, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49237, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49284, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49306, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49296, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49232, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49270, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49273, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49298, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49299, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49307, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49267, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49281, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49292, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49269, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:27.166] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 83|max_alert: 1000 [2025-12-09 20:46:27.166] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:27.166] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:27.166] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:30.096] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25133 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=68a23c52711e49c5be04b690a40edd9132343b824ac6291e2edc22be85af4fbf&X-Amz-Date=20251209T124629Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"}
[2025-12-09 20:46:30.096] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:46:30.096] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:46:30.096] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:46:30.096] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:46:30.096] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:46:30.097] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:46:30.281] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284390097, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49304, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6123066711493411, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-09 20:46:30.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000
[2025-12-09 20:46:30.281] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:46:30.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:46:30.281] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:46:33.218] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25134 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl?X-Amz-Date=20251209T124632Z&X-Amz-SignedHeaders=host&X-Amz-Signature=115c117dc6d610d76eb45582fe25d6fdd3bd6fe3c694e304900de9484607ecbb&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-09 20:46:33.218] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:46:33.218] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:46:33.218] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:46:33.218] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:46:33.218] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:46:33.218] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:46:33.471] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl|result:{"code": 1, "total_count": 81, "alert_count": 81, "abnormal_count": 81, "normal_count": 0,
"timestamp": 1765284393218, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55426, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55428, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55399, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55391, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55452, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55397, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55448, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55409, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55396, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55383, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55403, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55441, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55442, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55439, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55447, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55390, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55449, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55435, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55405, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55437, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55419, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55440, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55374, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55413, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55416, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55387, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55380, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55402, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55392, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55400, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55401, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55411, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55414, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55420, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55421, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55389, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55377, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55415, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55418, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55434, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55450, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55445, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55381, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55408, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55427, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55433, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55438, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55425, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55388, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55382, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 55432, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55375, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55378, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55393, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55394, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55429, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55404, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55384, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55398, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55430, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55431, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55444, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55454, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55385, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55443, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55395, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55407, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55446, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55424, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55379, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55451, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55423, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55386, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55453, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55412, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55417, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55422, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55436, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55406, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55376, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55410, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:46:33.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 81|max_alert: 1000
[2025-12-09 20:46:33.471] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:46:33.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:46:33.471] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:46:36.385] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24380 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=3447076bf630c72f505b14a3438572d4c710bb1072d53f33113c6d3a1be8c9ac&X-Amz-Date=20251209T124635Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"}
[2025-12-09 20:46:36.386] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:46:36.386] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:46:36.386] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:46:36.386] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:46:36.386] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:46:36.387] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:46:36.636] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl|result:{"code": 1, "total_count": 78, "alert_count": 78, "abnormal_count": 78, "normal_count": 0, "timestamp": 1765284396387, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49945, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49964, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49982, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49927, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49973, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0,
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49940, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49947, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49951, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49959, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49980, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49921, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49929, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49966, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49923, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49954, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49970, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49965, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49948, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49926, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49933, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49971, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49987, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49930, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49931, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49928, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49968, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 49935, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49953, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49952, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49984, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49955, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49978, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49920, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49985, "dest_port": 8900, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49961, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49941, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49956, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49949, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49975, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49976, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49981, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49936, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49990, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49991, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49924, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49934, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49919, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49977, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49974, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49992, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49983, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49918, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49988, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49946, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49979, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49922, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49915, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49960, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49989, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49944, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49957, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49916, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49993, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49958, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49932, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49969, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49972, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49937, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49950, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 49925, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49938, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49943, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49942, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49939, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49986, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49963, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49962, "dest_port": 8900, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49967, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:46:36.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 78|max_alert: 1000
[2025-12-09 20:46:36.636] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:46:36.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:46:36.636] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:46:39.503] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25482 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T124639Z&X-Amz-Signature=ce711e2e143f144e9bfbbe064d64366239d8e30d6889e264fd7826c31a6748ca"}
[2025-12-09 20:46:39.503] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:46:39.503] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:46:39.503] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:46:39.503] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:46:39.503] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:46:39.503] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:46:39.756] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl|result:{"code": 1, "total_count": 82, "alert_count": 82, "abnormal_count": 82, "normal_count": 0, "timestamp": 1765284399504, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49762, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49757, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49702, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49703, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49750, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49766, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49717, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49723, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49747, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49744, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49736, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49759, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 49772, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49707, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49732, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49739, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49773, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49771, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49712, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49741, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49731, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49767, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49774, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49721, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49709, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49737, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49706, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49758, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49760, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49775, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49749, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49770, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49752, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49754, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49725, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49726, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49755, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49699, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49701, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49748, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49777, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49761, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49698, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49735, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49734, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49740, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49727, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49729, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49718, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49756, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49764, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49722, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49751, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49708, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49778, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 49779, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49700, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49743, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49704, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49719, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49728, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49776, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49713, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49711, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49753, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49710, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49716, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49705, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49746, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49714, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49745, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49763, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49733, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49742, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49765, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49730, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49738, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49769, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49768, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49720, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49715, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49724, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:39.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 82|max_alert: 1000 [2025-12-09 20:46:39.757] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:39.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:39.757] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:42.696] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25483 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl?X-Amz-Expires=604800&X-Amz-Signature=3ee7bdb38566127561f67e1296347451d3801d604d8b5c423659e56bf541ec60&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124642Z"} [2025-12-09 20:46:42.696] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:42.696] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:42.696] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:42.696] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:42.696] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:42.697] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:42.919] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284402697, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49304, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.6123066711493411, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:46:42.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:46:42.919] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:42.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:42.919] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:46:45.805] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24381 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl?X-Amz-Signature=16710160bce62c7825ccad5bec6d2aaf805d9c4e3052c5f4e7a00a225903dc80&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T124645Z"} [2025-12-09 20:46:45.806] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:45.806] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:45.806] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:45.806] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:45.806] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:45.806] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:46.061] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl|result:{"code": 1, "total_count": 83, "alert_count": 83, "abnormal_count": 83, "normal_count": 0, "timestamp": 1765284405806, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51655, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51680, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51659, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51679, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51633, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51623, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51696, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51701, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51654, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51699, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51631, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51632, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51662, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51704, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51673, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51681, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51636, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51650, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51656, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51666, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51687, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51638, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51634, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51672, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51676, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51684, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51685, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51692, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51694, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51702, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51640, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51677, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51661, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51703, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51665, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51688, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51705, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51700, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51622, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51644, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51697, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51651, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51652, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51686, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51667, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51668, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51643, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51629, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51625, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51664, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51627, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51642, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51630, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51698, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51660, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51647, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51649, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51658, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51626, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51663, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51675, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51674, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51695, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51645, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51639, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51678, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51637, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51691, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51653, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51671, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51690, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51646, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51628, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51648, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51669, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51635, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51682, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 51693, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51657, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51641, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51683, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51689, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:46.061] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 83|max_alert: 1000 [2025-12-09 20:46:46.061] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:46.061] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:46.061] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:49.041] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24382 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124648Z&X-Amz-SignedHeaders=host&X-Amz-Signature=5edae71cb946aff5bc1fce3f1517dd6e1ef583f75c315526b28f475e7dc2d3ec"}
[2025-12-09 20:46:49.041] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:46:49.041] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:46:49.041] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:46:49.041] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:46:49.041] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:46:49.042] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:46:49.501] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl|result:{"code": 1, "total_count": 112, "alert_count": 112, "abnormal_count": 112, "normal_count": 0, "timestamp": 1765284409042, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49768, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7923159438006254, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.38", "protocol": 6, "src_port": 49784, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5867428998501907, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49793, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7448775286033605, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49735, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6044174595237511, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49731, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8069184177741681, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49800, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.871033591839092, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49743, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6349377840234155, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49807, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8389106261781561, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 
49754, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6400899097383849, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49810, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5704504550212608, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49792, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8325824699400155, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49798, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5082812344830834, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49744, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9920095973296107, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49756, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9992637837832119, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49746, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7776490640094732, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49811, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.5095207901246973, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49747, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5299121356980994, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49814, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6370032511731919, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49787, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.583504759539638, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49815, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9158015699594543, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49817, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5837985214011719, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49799, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6919323589928076, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49823, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6289006823963365, 
"2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49832, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6286531314331995, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49778, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7691358987024841, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49805, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9076279080411869, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49742, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6722895974583883, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49760, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5764724568118251, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49769, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.682103695742048, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49728, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.581552265100639, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49757, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6312508887369193, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49738, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.556065568176585, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49755, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5351759104514779, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49762, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6136386008700495, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49770, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5466613106244127, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49753, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5251421371984287, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49772, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5938334994630371, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49748, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.984624479314741, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49776, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7513997131291468, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49789, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6773822762075351, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49752, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9162915280527086, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49808, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6251034461648688, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49774, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.577559415211814, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49818, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6207400795826671, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49786, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7056498770769668, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49733, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7423363665440812, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49813, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8473021275821616, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49819, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7796816380895873, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49766, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.658637965918502, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49820, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7009875241471245, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49825, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8053130963076512, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", 
"protocol": 6, "src_port": 49836, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7476498691631281, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49729, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9809403467498196, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49804, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5478133832825554, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49801, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.647914741453036, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49812, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.706294070438774, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49828, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6922208905689694, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49835, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5153755324910493, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49788, "dest_port": 
443, "y_pred": 1, "y_pred_proba_max": 0.6280368830830702, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49826, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6476250969150931, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49775, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6889816297826116, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49794, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5796788669375269, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49809, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6669664689250583, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49816, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7886050268027243, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49785, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8136152869635334, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49780, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6390337958952678, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49790, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.54371796430135, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49795, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5959405319546456, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49829, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6696501252722467, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49761, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5797355308586791, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49783, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7181443487507455, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49821, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7132269572254801, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49796, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5044194103590364, "2_count": 112, "2_sum": 
112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49741, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.500583047882938, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49771, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7764212664672496, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49750, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6270718523792758, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49824, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5001985835511848, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49726, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8796340641787784, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49827, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6137809734323465, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49730, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5159080078940774, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49831, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5774538456489425, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49833, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6010225292560541, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49837, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9976796170307538, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49777, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5468982995254779, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49797, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.52883481767944, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49739, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7701146257275753, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49802, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.500891163178614, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49803, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6133706568496836, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49830, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6282666534121696, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49791, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6397377817819792, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49763, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7796700010033336, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49737, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.843418453494677, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49724, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7583786231535891, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49782, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8697870780883761, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.38", "protocol": 6, "src_port": 49736, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9302597975907252, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49834, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6880216249895416, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49764, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5457631195970173, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49734, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6210938167851258, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49751, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5932385233858124, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49822, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6434306036763413, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49773, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.582852363837905, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 
49806, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5384596680520871, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49759, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6743796524080076, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49740, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9905707754518996, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49765, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6815354861534739, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49767, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7687740604415702, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49732, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9926483749592067, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49781, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7180553419022515, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49779, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.5206366532258659, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49749, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6008170142414708, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49745, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6496782883967288, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49758, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5170339122828921, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:46:49.502] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 112|max_alert: 1000
[2025-12-09 20:46:49.502] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:46:49.502] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:46:49.502] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:46:52.152] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25135 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl?X-Amz-Date=20251209T124651Z&X-Amz-Expires=604800&X-Amz-Signature=24178dd00b347484db895ea001d9cd430ffec318d22bd0bf604d82d85096acdb&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:46:52.153] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:52.153] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:52.153] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:52.153] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:52.153] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:52.153] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:52.409] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl|result:{"code": 1, "total_count": 85, "alert_count": 85, "abnormal_count": 85, "normal_count": 0, "timestamp": 1765284412153, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51927, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51970, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51991, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51982, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51997, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51992, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51973, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51965, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51948, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51995, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52001, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51924, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51936, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51942, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51952, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51925, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51949, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51966, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51950, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51988, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51990, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51967, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51987, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51939, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51935, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51954, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51976, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51984, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51951, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51955, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51989, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51947, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51961, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51993, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51928, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52005, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51978, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51968, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51969, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51971, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51986, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51932, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51957, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51983, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52000, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51977, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51999, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51945, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51931, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51937, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51940, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51964, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51996, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51953, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52002, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51929, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51985, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52003, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51943, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51974, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51972, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52004, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51963, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51938, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51930, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51926, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52006, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51923, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51958, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51944, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51946, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51975, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51980, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51959, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51960, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51981, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51934, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51979, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51956, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51941, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51962, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51994, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51998, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52007, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51933, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:52.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 85|max_alert: 1000 [2025-12-09 20:46:52.409] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:52.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:52.409] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:46:55.271] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25136 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T124654Z&X-Amz-SignedHeaders=host&X-Amz-Signature=7413ce4adf222bbfe3af4abbefd88e4639d145e7837cdf9dea869253882bc867&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:46:55.271] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:46:55.271] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:46:55.272] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:46:55.272] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:46:55.272] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:46:55.272] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:46:55.519] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl|result:{"code": 1, "total_count": 74, "alert_count": 74, "abnormal_count": 74, "normal_count": 0, "timestamp": 1765284415272, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50630, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50654, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50645, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50649, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50679, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50621, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50685, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50684, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50636, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50667, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50680, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50656, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50643, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50672, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50622, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50637, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50639, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50660, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50676, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50666, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50690, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50688, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50665, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50623, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50663, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50671, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50678, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50670, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50651, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50677, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50648, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50629, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50624, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50673, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50647, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50641, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50632, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50683, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50687, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50627, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50675, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50689, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50642, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50628, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50644, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50650, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50669, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50686, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50634, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50668, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50635, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50653, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50631, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50638, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50652, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50626, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50661, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50674, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50640, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50655, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50658, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50657, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50681, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50662, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50682, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50646, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50659, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50633, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50617, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50625, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50620, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50619, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50664, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50618, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:46:55.519] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 74|max_alert: 1000
[2025-12-09 20:46:55.519] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:46:55.519] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:46:55.519] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:46:58.390] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25137 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124657Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2f0c969ea48e6e30d4edf5db7236730f6aa9de6a0a718276e684e1baf5533964"}
[2025-12-09 20:46:58.390] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:46:58.390] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:46:58.390] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:46:58.391] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:46:58.391] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:46:58.391] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:46:58.652] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl|result:{"code": 1, "total_count": 88, "alert_count": 88, "abnormal_count": 88, "normal_count": 0, "timestamp": 1765284418391, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54083, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54035, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54021, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54071, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54011, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54010, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
"protocol": 6, "src_port": 54068, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54080, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54067, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54042, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54081, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54052, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54072, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54009, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54076, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54020, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54034, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:46:58.652] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 88|max_alert: 1000 [2025-12-09 20:46:58.652] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:46:58.652] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:46:58.652] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:01.530] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25138 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1b9745e13499e92d569a309443f5c4b6ebacea53c7270bbfdabe7e1aa9a07261&X-Amz-Date=20251209T124700Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:47:01.530] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:01.530] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:01.530] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:01.531] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:01.531] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:01.531] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:01.775] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl|result:{"code": 1, "total_count": 71, "alert_count": 71, "abnormal_count": 71, "normal_count": 0, "timestamp": 1765284421531, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50105, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50130, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50091, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50125, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50106, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50100, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50129, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50113, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50075, 
"dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50080, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50132, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50131, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50092, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50128, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50069, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50085, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50087, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50109, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50114, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50067, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50133, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50111, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50068, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50077, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50123, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50089, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50136, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50078, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50073, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50117, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50095, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50116, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50102, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50127, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50088, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50083, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50099, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50071, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50115, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50135, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50124, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50081, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50098, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50121, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50137, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50074, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50119, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50079, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50108, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50101, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50107, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50122, "dest_port": 8900, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50070, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50134, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50118, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50096, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50110, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50090, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50082, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50084, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50094, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50097, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50093, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50103, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50126, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50076, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50086, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50112, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50120, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50072, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50104, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:01.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 71|max_alert: 1000 [2025-12-09 20:47:01.775] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:01.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:01.775] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:04.639] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25484 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl?X-Amz-Date=20251209T124704Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=5de00e09d3ab61a5ee5a1ad7da704802bec43703b73df84b0d14022e16c473e5&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:47:04.639] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:04.639] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:04.639] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:04.639] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:04.639] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:04.640] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:04.902] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl|result:{"code": 1, "total_count": 72, "alert_count": 72, "abnormal_count": 72, "normal_count": 0, "timestamp": 1765284424640, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50694, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50721, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50737, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50751, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50693, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50755, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50762, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50750, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50738, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50725, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50744, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50746, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50709, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50710, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50699, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50698, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50740, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50739, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50728, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50717, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50708, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50760, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50753, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50723, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50736, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50761, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50741, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50692, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50705, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50754, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50707, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50752, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50697, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50733, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50745, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50719, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50758, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50720, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50713, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50715, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50757, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50700, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50742, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50726, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50735, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50702, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50732, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50729, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50759, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50701, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50691, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50716, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50718, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50711, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50747, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50731, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50722, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50704, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50695, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50743, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50714, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50727, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50706, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50730, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50749, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50756, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50734, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50696, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50712, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50703, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50724, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50748, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:04.902] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 72|max_alert: 1000 [2025-12-09 20:47:04.902] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:04.902] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:04.902] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:47:07.808] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25139 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124707Z&X-Amz-Signature=815493b9095e5b39c9af488af730c541a2c7e279b6a7dab726a15c6edf26b5a4&X-Amz-Expires=604800"} [2025-12-09 20:47:07.808] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:07.808] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:07.808] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:07.808] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:07.808] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:07.809] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:07.995] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284427809, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", 
"dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49296, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9281476353222149, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:47:07.995] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:47:07.995] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:07.995] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:07.995] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:47:10.976] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25140 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl?X-Amz-Expires=604800&X-Amz-Signature=a3b5344115af47db8caaee00e8e7063c52e3317fc35f42673d31a6b4aecf66be&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124710Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:47:10.976] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:10.976] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:10.976] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:10.976] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:10.976] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args 
for function load [2025-12-09 20:47:10.977] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:11.163] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284430977, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49296, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9281476353222149, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:47:11.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:47:11.163] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:11.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:11.163] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:14.123] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24383 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e0e36b9cd6f7482586113af28b869206e56d31b8ea71b9ec4072fc3880686312&X-Amz-Date=20251209T124713Z"} [2025-12-09 20:47:14.123] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:14.123] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:14.123] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:14.123] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:14.123] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:14.124] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:14.366] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl|result:{"code": 1, "total_count": 67, "alert_count": 67, "abnormal_count": 67, "normal_count": 0, "timestamp": 1765284434124, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50819, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50786, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50793, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50765, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50800, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50801, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50810, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50829, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50782, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50820, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50828, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50814, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50816, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50822, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50823, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50811, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50789, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50781, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50794, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50799, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50777, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50807, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50826, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50817, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50772, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50764, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50775, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50785, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50824, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50792, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50790, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50770, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50788, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50813, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50821, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50798, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50784, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50805, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50768, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50771, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50802, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50808, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50825, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50780, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50767, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50791, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50812, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50779, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50766, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50783, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50796, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50804, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50797, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50774, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50787, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50803, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50773, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50815, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50778, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50827, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50809, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50776, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50769, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50818, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50763, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50806, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50795, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:47:14.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 67|max_alert: 1000
[2025-12-09 20:47:14.366] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:47:14.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:47:14.366] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:47:17.262] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24384 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124716Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=da8af16c1a4f4cf96c3f0129d3be98da5975bfce92c884d8f5135ff94007418d"}
[2025-12-09 20:47:17.263] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:47:17.263] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:47:17.263] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:47:17.263] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:47:17.263] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:47:17.263] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:47:17.545] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl|result:{"code": 1, "total_count": 72, "alert_count": 72, "abnormal_count": 72, "normal_count": 0, "timestamp": 1765284437263, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49634, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49641, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49693, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49664, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49655, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49680, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49684, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49639, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49637, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49654, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49661, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49648, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49651, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49629, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49656, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49665, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49675, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49631, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49685, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49686, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49687, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49643, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49638, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49626, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49649, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49677, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49695, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49666, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49659, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49662, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49694, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49667, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49663, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49688, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49646, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49679, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49645, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49633, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49691, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49690, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49689, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 49660, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49683, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49627, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49676, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49672, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49644, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49673, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49697, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49671, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49650, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49653, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49635, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49636, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49628, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49647, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49657, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49668, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49681, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49670, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49630, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49640, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49692, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49678, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49658, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49674, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49652, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49696, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49632, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49642, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49669, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49682, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-09 20:47:17.545] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 72|max_alert: 1000
[2025-12-09 20:47:17.545] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:47:17.545] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:47:17.545] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:47:20.383] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24385 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124719Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=cb0737ae5757475af74072273ab25b46afec8f7fe2446c4458836c0a925c1356&X-Amz-SignedHeaders=host"}
[2025-12-09 20:47:20.383] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:47:20.383] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:47:20.383] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:47:20.383] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:47:20.383] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:47:20.383] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:47:20.628] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl|result:{"code": 1, "total_count": 73, "alert_count": 73, "abnormal_count": 73, "normal_count": 0, "timestamp": 1765284440383, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50011, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50025, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50026, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50038, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50050, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50024, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50014, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50039, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50048, 
"dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50052, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50055, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50056, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49999, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50000, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50046, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50028, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50008, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50010, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50006, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50045, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50002, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50030, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50020, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50005, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50017, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50021, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50062, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50033, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50059, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50016, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50061, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50027, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49994, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50034, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50060, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50023, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50004, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50041, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50043, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50047, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50009, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50003, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50063, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50057, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50035, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49998, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50051, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50058, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50022, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49996, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50007, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50053, "dest_port": 8900, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50054, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50013, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50015, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49995, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50036, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50019, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50032, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50042, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50064, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50065, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50040, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49997, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50066, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50018, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50029, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50044, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50049, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50031, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50001, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50012, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50037, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]}
[2025-12-09 20:47:20.628] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 73|max_alert: 1000
[2025-12-09 20:47:20.628] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-09 20:47:20.628] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-09 20:47:20.629] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-09 20:47:23.497] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25141 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl?X-Amz-Date=20251209T124723Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=375bfa7a4cd5595a8eb6f23bc315984f09cb766a90fb421724aec8735fa9f4c0&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"}
[2025-12-09 20:47:23.497] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1
[2025-12-09 20:47:23.497] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-09 20:47:23.497] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-09 20:47:23.497] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load
[2025-12-09 20:47:23.497] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load
[2025-12-09 20:47:23.497] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0
[2025-12-09 20:47:23.751] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl|result:{"code": 1, "total_count": 79, 
"alert_count": 79, "abnormal_count": 79, "normal_count": 0, "timestamp": 1765284443497, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51947, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51945, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51905, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51901, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51912, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51940, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51946, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51908, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51956, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51922, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51943, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51918, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51941, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51944, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51919, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51953, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51951, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51955, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51888, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51949, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51954, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51917, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51927, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51906, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51883, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51920, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51916, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51885, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51913, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51893, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51930, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51931, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51932, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51907, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51911, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51926, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51934, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51889, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51904, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51903, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51884, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51950, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51914, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51878, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51915, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51928, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51952, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51921, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51938, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51939, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51886, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51924, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51892, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51895, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51890, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51891, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51894, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51937, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51897, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51923, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51936, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51942, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51902, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51896, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51933, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51882, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51900, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51910, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51935, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51879, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51887, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51929, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51880, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51898, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51909, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51925, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51948, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51899, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51881, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:23.751] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 79|max_alert: 1000 [2025-12-09 20:47:23.751] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:23.751] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:23.751] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:47:26.682] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24386 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124726Z&X-Amz-Signature=751dd46d27639609ea4dc2919fe3d94f98e158916e11f13114b08ff987496c36"} [2025-12-09 20:47:26.682] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:26.682] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:26.683] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:26.683] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:26.683] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:26.683] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:26.931] [DEBUG] 
[tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl|result:{"code": 1, "total_count": 75, "alert_count": 75, "abnormal_count": 75, "normal_count": 0, "timestamp": 1765284446683, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54190, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54212, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54240, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54195, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54218, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54188, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54220, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54237, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54253, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54222, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54242, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54227, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54228, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54260, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54214, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54213, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54243, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54234, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54255, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54191, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54193, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54233, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54248, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54262, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54226, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54238, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54244, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54235, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54198, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54245, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54208, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54219, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54199, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54210, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54201, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54202, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54229, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54196, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54221, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54200, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54251, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54231, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54254, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54209, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54246, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54217, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54247, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54203, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54232, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54258, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54207, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54205, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54225, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54216, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54230, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54257, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54194, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54206, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54236, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54261, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54204, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54224, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54215, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54241, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54239, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54249, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54192, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54259, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54252, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54197, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54211, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54223, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54250, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54256, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54189, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:26.931] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 75|max_alert: 1000 [2025-12-09 20:47:26.931] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:26.931] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:26.931] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:29.872] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25142 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl?X-Amz-Signature=d4c97ffc1182a7f944d2e8ad7ede59fd752b5c29943c96a3a6c2a1efbf053595&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251209T124729Z&X-Amz-SignedHeaders=host"} [2025-12-09 20:47:29.872] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:29.872] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:29.873] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:29.873] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:29.873] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:29.873] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:30.058] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284449873, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49305, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8090173344462287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 
20:47:30.058] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:47:30.058] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:30.058] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:30.058] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:47:33.046] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25143 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl?X-Amz-Signature=883fe5f7dd124fe944f9f93a6c5fa16202c3b0fa9d1ab8edd689e660ac33f80f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124732Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-09 20:47:33.046] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:33.046] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:33.046] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:33.046] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:33.046] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:33.047] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:33.233] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765284453047, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49305, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8090173344462287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:47:33.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-09 20:47:33.233] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:33.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:33.233] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:36.169] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25144 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl?X-Amz-Date=20251209T124735Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=b318c25627cc64c5292c92a20562990aec773b31eb0e02743ab69f8d39ead42d&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-09 20:47:36.169] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:36.169] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:36.169] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:36.169] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:36.169] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:36.169] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:36.418] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl|result:{"code": 1, "total_count": 76, "alert_count": 76, "abnormal_count": 76, "normal_count": 0, "timestamp": 1765284456169, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51471, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51483, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51453, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51486, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51455, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51474, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51441, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51433, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51430, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51444, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51445, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51460, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51463, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51457, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51482, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51428, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51436, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51475, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51438, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51452, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51467, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51449, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51434, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51473, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51423, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51477, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51416, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51456, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51459, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51418, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51465, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51468, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51472, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51450, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51442, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51485, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51426, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51427, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51435, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51446, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51466, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51451, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51440, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51461, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51425, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51429, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51454, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51469, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51432, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51443, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51412, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51422, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51479, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51480, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51437, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51414, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51417, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51419, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51421, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51448, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51464, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51439, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51484, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51458, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51420, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51413, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51424, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51481, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51470, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51476, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51415, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51431, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51487, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51478, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51462, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51447, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:36.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 76|max_alert: 1000 [2025-12-09 20:47:36.418] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:36.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:36.418] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:39.310] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25485 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251209T124738Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=5b7cb6655dc0ddecf3f027c74955699670d1e14a183887c81b2b87c6da0a199b"} [2025-12-09 20:47:39.310] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:39.310] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:39.310] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:39.310] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:39.310] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:39.310] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:39.590] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl|result:{"code": 1, "total_count": 38, "alert_count": 38, "abnormal_count": 38, "normal_count": 0, "timestamp": 1765284459311, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55709, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8052223147326051, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55725, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9179112567335342, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55693, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8281936818521867, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55703, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.43443764307544475, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55711, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8735355670445143, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55716, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8656962618480851, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55717, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7529186856087583, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55720, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8814570303567651, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55721, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9381423087481368, 
"2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55710, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9354175145683326, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55684, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7768616135426153, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55698, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8655711790715526, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55708, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7268629780454691, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55691, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5250009064998892, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55706, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9841489013912004, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55719, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7896022920217274, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55696, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8550177058387493, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55704, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9309465327242803, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55697, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8142165268723669, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55713, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9982322072604607, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55699, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9554137073287443, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55718, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.966755928267684, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55722, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9064747546557115, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", 
"dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55692, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9990730504881599, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55723, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8126107105818402, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55683, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55715, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8350117121599183, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55702, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8265037057823466, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55707, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6533423344481836, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55726, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6035592187695511, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55700, "dest_port": 
443, "y_pred": 3, "y_pred_proba_max": 0.7314742499457998, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55701, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9498470602830497, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55714, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.938727652183485, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55705, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9373204042335789, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55694, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8757593163586462, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55695, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9129807087497314, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55712, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8471099601102638, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55690, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6761603717156351, "2_count": 38, 
"2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-09 20:47:39.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 38|max_alert: 1000 [2025-12-09 20:47:39.590] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:39.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:39.590] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-09 20:47:42.419] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25486 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=cfd2d5f20aa6cc6a0094b0af66d3dd51139e9a885cf11887ffc181a70788266c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251209T124741Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-09 20:47:42.419] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:42.419] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:42.419] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:42.419] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:42.419] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:42.419] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:42.668] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) 
bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl|result:{"code": 1, "total_count": 76, "alert_count": 76, "abnormal_count": 76, "normal_count": 0, "timestamp": 1765284462420, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52018, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52031, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52013, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52047, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52036, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52061, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52074, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52025, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52065, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52066, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52035, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52017, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52052, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52057, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52049, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52020, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52012, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52011, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52044, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52060, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52062, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52026, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52055, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52028, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52029, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52064, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52071, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52063, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52079, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52078, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52081, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52077, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52080, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52033, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52067, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52009, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52051, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52083, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52058, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52053, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52032, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52010, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52024, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52015, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52038, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52034, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52039, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52041, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52054, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52008, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52072, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52073, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52076, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52082, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52014, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52016, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52048, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52068, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52023, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52059, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52019, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52075, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52050, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52021, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52037, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52043, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52022, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52027, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52045, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52040, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52030, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52042, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52069, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52046, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52056, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52070, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:42.668] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 76|max_alert: 1000 [2025-12-09 20:47:42.668] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:42.668] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:42.668] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:45.527] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25145 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=eeb3529c018881ee7e6269fb5468f7a38be065887af5ce51569d410d193ccfb3&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251209T124745Z"} [2025-12-09 20:47:45.528] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:45.528] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:45.528] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:45.528] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:45.528] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:45.528] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:45.765] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl|result:{"code": 1, "total_count": 64, "alert_count": 64, "abnormal_count": 64, "normal_count": 0, "timestamp": 1765284465528, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49892, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49881, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49872, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49880, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49902, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49907, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49911, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49873, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49905, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49868, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49884, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49887, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49898, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49919, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49903, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49915, "dest_port": 8990, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49874, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49863, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49879, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49899, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49912, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49917, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49909, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49875, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49891, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49908, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49920, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49922, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49862, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49882, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49896, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49897, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49869, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49866, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49918, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49900, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49870, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49916, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49913, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49889, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49876, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49904, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49888, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49894, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49923, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49895, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49864, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49877, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49886, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49885, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49883, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49893, 
"dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49914, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49860, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49861, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49865, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49871, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49878, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49890, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49867, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49906, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49910, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49901, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49921, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:45.765] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 64|max_alert: 1000 [2025-12-09 20:47:45.765] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:45.765] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:45.766] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-09 20:47:48.635] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25487 key: NULL payload: {"bucket":"2025-12-09","object":"20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl","url":"http://111.32.12.11:9000/2025-12-09/20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251209%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6d7e11c463542442136bcce4c2d9baea1b448af86d686a204e7250863226876f&X-Amz-Date=20251209T124748Z"} [2025-12-09 20:47:48.635] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:259) process model: 1 [2025-12-09 20:47:48.635] [INFO] [tid:130855398528704] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-09 20:47:48.635] [INFO] [tid:130855398528704] (AiModule.cpp:131) load so module so_code_gbm [2025-12-09 20:47:48.635] [INFO] [tid:130855398528704] (AiModule.cpp:140) get function load [2025-12-09 20:47:48.635] [INFO] [tid:130855398528704] (AiModule.cpp:148) prepare args for function load [2025-12-09 20:47:48.636] [INFO] [tid:130855398528704] (AiModule.cpp:158) load result:0 [2025-12-09 20:47:48.916] [DEBUG] [tid:130855398528704] (AiModule.cpp:211) bucket:2025-12-09|object:20/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl|result:{"code": 1, "total_count": 71, "alert_count": 71, "abnormal_count": 71, "normal_count": 0, "timestamp": 1765284468636, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52100, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52121, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52084, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52106, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52128, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52112, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52145, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52144, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52148, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52126, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52099, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52122, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52155, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52125, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52120, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52134, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52109, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52093, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52114, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52135, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52150, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52152, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52154, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52146, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52091, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52087, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52141, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52127, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52137, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52118, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52092, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52096, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52117, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52147, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52151, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52116, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52142, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52129, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52140, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52094, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52124, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52090, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52104, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52101, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52111, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52153, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52088, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52115, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52097, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52095, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52132, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52105, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52113, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52130, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52138, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52131, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52085, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52108, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52149, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52123, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52103, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52107, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52139, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52136, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52143, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52089, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52102, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52110, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52119, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52133, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52098, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-09 20:47:48.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:332) gbm alert_count: 71|max_alert: 1000 [2025-12-09 20:47:48.917] [DEBUG] [tid:130855398528704] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-09 20:47:48.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-09 20:47:48.917] [INFO] [tid:130855398528704] (KafkaConsumer.cpp:374) 上报kafka.